Industry Leader in Cybersecurity

Providing Independent IT Security Assessments and Software Supply Chain Assurance Services

What is the Cybersecurity Maturity Model Certification?

The Cybersecurity Maturity Model Certification (CMMC) is a new set of cybersecurity guidelines that will replace NIST 800-171 on DoD contracts. The CMMC guidelines are partially derived from NIST 800-171 and add controls from other standards such as ISO, FedRAMP, and various NIST frameworks, as well as many other regulations. Together they define five levels of ‘CMMC Certification’ that reflect the level of cybersecurity compliance a contractor will need to attain for a particular DoD and/or U.S. Federal Government contract. CMMC also requires a third-party audit in order to achieve “official CMMC certification”.

Why Was the Cybersecurity Maturity Model Certification Created?

The aggregate loss of controlled unclassified information (CUI) from the DIB sector increases risk to national economic security and in turn, national security. In order to reduce this risk, the DIB sector must enhance its protection of CUI in its networks.

The Council of Economic Advisers, an agency within the Executive Office of the President, estimates that malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016 [Ref: “The Cost of Malicious Cyber Activity to the U.S. Economy, CEA” in February 2018].

The Center for Strategic and International Studies (CSIS), in partnership with McAfee, reports that as much as $600 billion, nearly 1% of global GDP, may be lost to cyber-crime each year. The estimate is up from a 2014 study that put global losses at about $445 billion. [Ref: “Economic Impact of Cyber-crime – No Slowing Down” in February 2018].

As a result, beginning later this year, DoD requests for proposals will require a new cybersecurity certification demonstrating that your company can adequately safeguard controlled unclassified information (CUI).

How Can TestPros Help?

Assessment / Gap Analysis

We will start by determining your organization's current compliance with CMMC. We will examine your organization's policies, procedures, personnel knowledge, security control implementation, and more.

Step 1

Compliance

Using the information gathered during the gap analysis, we will develop a plan to help your organization become compliant. This will typically include a System Security Plan and a Plan of Action and Milestones, but it could consist of other documentation as well.

Step 2

Program Support

Using the information gathered during the gap analysis, we will develop a plan to help your organization become compliant. This will typically include a System Security Plan and a Plan of Action and Milestones, but it could consist of other documentation as well.

Step 3

Training

IT security standards and models are complicated and difficult to follow even for the most experienced professionals. Allow TestPros to transfer some of our 30+ years of knowledge in cybersecurity to your staff.

Step 4

Frequently Asked Questions

If your organization already has, or plans to bid on, a DoD contract, you likely have a requirement to be compliant with NIST 800-171, per DFARS clause 252.204-7012. As it stands, this is a self-certification and does not require an outside audit. In addition, the DoD is set to begin requiring that all new contracts include a requirement for CMMC compliance. The level at which your organization must be certified will vary depending on the RFP. Recently, GSA's STARS III GWAC has also reserved the right to require CMMC certification for companies interested in bidding on RFPs. Aside from the government's contractual requirements, companies can greatly benefit from being NIST 800-171 and/or CMMC compliant. Safeguarding your systems and data is of paramount importance and reduces your organization's exposure to cyber threats. 

This will depend on the type, size and scope of the project. Contact us to determine the pricing for your specific needs. 