
Cybersecurity Maturity Model Certification (CMMC) is the incoming DoD framework for cyber defense in nongovernmental systems. This information security model is scheduled to be required of the DoD supply chain by 2025.

 

CMMC promises to be the most stringent set of cyber requirements ever asked of the defense industrial base. Based on existing requirements to implement the security controls in NIST SP 800-171, large prime contractors are already asking subs about their ability to pass the third-party assessments that will be introduced by CMMC. If your organization processes, handles, or stores Controlled Unclassified Information (CUI), and hasn't prepared for a certification, the next military contract you seek could be out of reach.

 

Defense Cybersecurity Group (DCG) is a veteran-owned and operated business, and our team of subject matter experts is prepared to help you chart a course to CMMC readiness. Our "by the drink" consultancy model is unique to DCG and is designed to make expert advice available to companies of all sizes.

Flexible CMMC Consulting


CMMC Mock Assessment

Impending CMMC assessments promise to be both expensive and atypically challenging to pass. This is largely because CMMC requires a 100% control implementation rate; a 98% can still result in failure. As a result, many organizations will need to undergo multiple formal assessments to become certified. If you suspect your company is ready for a third-party evaluation of its NIST SP 800-171 implementation, DCG is prepared to perform a "Mock Assessment." In other words, our staff will conduct an assessment just as a Certified Third Party Assessment Organization (C3PAO) would. However, unlike a C3PAO, we follow our Mock Assessments with 1) a list of identified gaps in compliance, 2) expert, risk-based advice on how to remediate these gaps, and 3) training for your employees to fully prepare them for the formal CMMC process. This tri-fold approach not only provides an up-to-date SPRS score, it also ensures your team and cyber architecture are truly prepared to pass your future CMMC assessment - the first time.


Cyber Governance Briefing

DCG’s CEO Vince Scott has partnered with retired Vice Adm. and founder of One Network Connections, TJ White, to brief C-Suites and board members on the compliance risks, financial implications, and federal regulatory timelines they need to know to remain prepared in the increasingly fluid national security sectors of cyberspace and defense. 

 

Vince is a leading voice in the Defense Industrial Base cyber regulatory ecosystem. He is the FBI Infragard’s SME on Cyber Warfare, a Certified CMMC Assessor and Provisional Instructor, and has acted as a panelist for both the National Defense Industry Association (NDIA) and CMMC Accreditation-Body (Cyber A-B). He has experience advising companies of all sizes, from Fortune 50s to small parts shops, in preparing their information security architecture for CMMC, NIST CSF, and other cyber frameworks. 

 

As a cyber planner, practitioner, operator, strategist, and leader, TJ has been on the tail-end of acquisition, implementation, rollout, and organizational understanding, as well as Trust, Technology, Tactics, Tradecraft, and Procedure uptake. He is a trusted advisor and strategist in the information security space.

 

Offerings emphasize risk assessment and consequence management with respect to cybersecurity, critical infrastructure, supply chains, technology policies, and trust relationships. 

 

“Across key national security sectors of defense, cyberspace, and space, it is critical to understand that we are in a race condition. We no longer possess the luxury of time, distance, or widely-accepted international standards. Collective security and confident national resiliency will only be found in effective collaboration and committed cyberspace resiliency.” - T.J. White


Internal Audit Consulting

Large organizations often rely on an Internal Audit process to verify compliance performance with a variety of standards. However, internal audit teams can be unfamiliar with the highly technical information security requirements, such as FIPS-validated encryption, put forward by NIST SP 800-171.

 

Cybersecurity Maturity Model Certification (CMMC), NIST CSF, and other budding frameworks require an unusual degree of expertise to implement. In particular, CMMC will pose serious challenges to the internal audit teams of large, multifaceted organizations.

 

DCG's certified experts offer consultation services tailored to the needs of internal audit professionals. Let us support your team with our experience leading compliance efforts for organizations of all sizes, from Fortune 50 companies to mom and pop shops.


NIST CSF Compliance

DCG can build your information security architecture to comply with the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF).

 

Based on the holistic philosophy of confidentiality, integrity, and availability (CIA), NIST CSF is a comprehensive cybersecurity framework ideal for organizations seeking to solidify their information security beyond what is simply required.


Policy and Procedure Development

DCG's Cybersecurity Consultants and Technical Writers are available to support you in the development of your System Security Plan (SSP), policies, procedures, and other documentation essential to creating an effective, compliant cyber architecture.


CISO as a Service

Connect with us for occasional interactive consulting, or allow us to take a leadership role in your security stack. 

 

As virtual CISOs, DCG team members are available to provide responsive assistance and technical advice to your organization, helping you to implement essential information security systems and compliance mechanisms.

CISO as a Service is offered at minimal cost and to the extent that satisfies your needs, from just a few hours of consulting, to daily engagement, to ongoing support.
