What is it?
The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity across the defense industrial base (DIB), which includes over 300,000 companies in the supply chain. The CMMC is the DoD's response to significant compromises of sensitive defense information held on contractors' information systems. The CMMC is an evolution of DFARS 252.204-7012 (which requires implementation of NIST SP 800-171) and adds a requirement for third-party attestation.
Previously, contractors were responsible for implementing, monitoring and self-certifying the security of their information technology systems and of any sensitive DoD information stored on or transmitted by those systems. Contractors remain responsible for implementing critical cybersecurity requirements, but the CMMC changes this paradigm by requiring third-party assessment of contractors' compliance with a mandatory set of practices, procedures and capabilities that can adapt to new and evolving cyber threats.
The CMMC establishes five certification levels that reflect the maturity and reliability of a company's cybersecurity program in safeguarding sensitive government information on contractors' information systems, from Basic Cyber Hygiene (Level 1) to Advanced/Progressive (Level 5). The five levels are tiered and build on each other's technical requirements: each level requires compliance with all lower-level requirements plus the institutionalization of additional processes and the implementation of additional cybersecurity practices.
Why do our clients need help?
Whether you are a current DoD contractor renewing an existing contract or bidding on new work, or an organization planning to pursue future DoD work, you will need to be certified at one of the five maturity levels. The DoD will specify which maturity level is required for each solicitation, so organizations need to determine which level they must reach based on the nature of the contracts and work they intend to pursue. Each organization's maturity level must be assessed and validated by an independent CMMC Third-Party Assessment Organization (C3PAO).
RISCPoint specializes in getting organizations ready to undergo the certification process by offering the following services:
- Advisory Workshops and Gap Assessments
- Determine if the CMMC applies to your organization
- Identify how your current compliance posture (NIST 800-171, NIST 800-53, etc.) translates to the CMMC requirements
- Develop a roadmap to compliance with the applicable CMMC Maturity Level
- Remediation Assistance
- Development of all required security documentation
- Review of remediation approach and revalidation of compliance
- Assistance with audit coordination
For answers to the most frequently asked questions and updates on the process, the Office of the Under Secretary of Defense for Acquisition and Sustainment maintains a CMMC FAQ where contractors can keep up to date on the certification process.
Why work with us?
- We employ a team of industry experts who have helped a large number of government contractors of all sizes achieve authorization.
- Our advisors have worked with and at some of the largest 3PAOs and bring first-hand knowledge of what auditors and authorizing officials expect and how the authorization process works.
- Our wide partner network includes security software vendors, hosting providers and security engineers; we can be your one-stop shop for all your authorization needs.
- We offer a wide range of security and compliance services and specialize in building enterprise-wide control environments that let you meet multiple standards and frameworks (FISMA, FedRAMP, SOC 1, SOC 2, HITRUST, HIPAA, ISO 27001 and others) while minimizing the time spent on audit and compliance work, so you can focus on your day-to-day operations.
Start the Conversation
Work with our team of professionals to help find a tailored solution for your company