
Cybersecurity Maturity Model Certification (CMMC) is the incoming DoD framework for cyber defense in nongovernmental systems. This information security model is based on NIST Publication 800-171, which is already required of contracts with a 7012 clause in place. CMMC assessments will function as the formal, third-party audit mechanism of 171 control implementation. These are scheduled to be required of the DoD supply chain no later than Q2 2025.

 

CMMC promises to be the most stringent set of cyber requirements ever asked of the defense industrial base. Large prime contractors have already begun to ask subs about their ability to pass the third-party assessments introduced by CMMC. If your organization processes, handles, or stores Controlled Unclassified Information (CUI), and hasn't prepared for a certification, the next military contract or prime contract you seek could be out of reach.

 

Developing a mature CMMC compliance program begins with a Gap Assessment. DCG’s highly experienced team of Certified CMMC Assessors (CCAs) and Certified CMMC Professionals (CCPs) has conducted Gap Assessments for organizations of all kinds, from medium-sized manufacturers to Fortune 500 companies to research universities. Our risk-based methodology unites the power of your own team with DCG’s expertise, comparing your information security architecture against the 320 assessment objectives in 800-171A and producing a high-confidence Supplier Performance Risk System (SPRS) score.

CMMC Gap Assessment and SPRS Score Development


CMMC Governance and Execution

While CMMC Gap Assessments are designed to identify the steps an organization must take to reach compliance, our Governance and Execution offering provides a team of configuration experts and technical writers to assist in executing those steps across the board. 

 

How this looks will differ widely depending on the gaps identified, their number, the projected assessment date, and the internal resources available to the organization seeking certification.


CMMC Implementation Support

Many businesses’ compliance efforts are ongoing in some capacity already. DCG’s CMMC Implementation Support service is designed to assist such businesses, which often only need additional expertise in one or two areas. 

 

This project-based offering provides solutions to the challenges most central to your company in the context of its broader compliance journey.


CMMC Documentation and Evidence Collection

DCG's certified CMMC Consultants and Technical Writers are available to support your organization as it develops its System Security Plan (SSP), policies, procedures, and other documentation essential to a compliant information security architecture.

 

More than half of all CMMC requirements speak to documentation. In fact, 171a’s granular assessment objectives, which demand companies record, systematize, and substantiate processes in detail as they are performed, represent most of the work toward compliance. 

 

Our CMMC Documentation and Evidence Collection offering is designed to alleviate the burden of transcribing processes, to align your document stack with CMMC-specific requisites, and to create an Evidence Locker in support of your future assessment.


Internal Audit Consulting

Large organizations often rely on an Internal Audit process to verify compliance performance with a variety of standards. However, internal audit teams can be unfamiliar with the highly technical information security requirements, such as FIPS-validated encryption, put forward by NIST SP 800-171.

 

Cybersecurity Maturity Model Certification (CMMC), NIST CSF, and other budding frameworks require an unusual degree of expertise to implement. In particular, CMMC will pose serious challenges to the internal audit teams of large, multifaceted organizations.

 

DCG's certified experts offer consultation services tailored to the needs of internal audit professionals. Let us support your team with our experience leading compliance efforts for organizations of all sizes, from Fortune 50 companies to mom and pop shops.


CMMC Mock Assessment

Impending CMMC assessments promise to be both expensive and atypically challenging to pass. This is largely because CMMC requires a 100% control implementation rate; a 98% rate can still result in failure. As a result, many organizations will need to undergo multiple formal assessments to become certified. If you suspect your company is ready for a third-party evaluation of its 171 implementation, DCG is prepared to perform a "Mock Assessment." In other words, our staff will conduct an assessment just as a Certified Third Party Assessment Organization (C3PAO) would. However, unlike a C3PAO, we follow our Mock Assessments with 1) a list of identified gaps in compliance, 2) expert, risk-based advice on how to remediate these gaps, and 3) training for your employees to fully prepare them for the formal CMMC process. This tri-fold approach not only provides an up-to-date SPRS score, it also ensures your team and cyber architecture are truly prepared to pass your future CMMC assessment the first time.


CMMC Consulting "By the Drink"

Defense Cybersecurity Group is a veteran-owned and operated business, and our team of subject matter experts is prepared to help your organization chart a strategic course to CMMC readiness.

 

Our "by the drink" consultancy model is unique to DCG and is designed to make expert advice available to companies of all sizes and needs. Whether you are a small business or a large organization looking for an expert to call on as a phone-a-friend, our most practiced team members are available to support you on your compliance journey.
