Cybersecurity Maturity Model Certification (CMMC)
– PJR is now a provisionally recognized 3rd party certification body for CMMC.
Attention all DoD Suppliers & prospective CMMC Clients:
The Department of Defense (DoD) now has a requirement for all suppliers to complete a self-assessment to NIST SP 800-171 within the past three years no later than November 30th, 2020. PJR is pleased to be able to offer a Self-Assessment Preparedness Program to help your organization successfully prepare for the required self-assessment; please inquire for pricing and further details!
What is it?
CMMC is a framework encompassing a range of maturity levels ranging from basic cybersecurity hygiene to advanced with the intention of combining multiple cybersecurity control standards (i.e. NIST SP 800-171, ISO 27001, etc.) into one standard. In addition to cybersecurity control standards, a measure of maturity will be taken of a company’s practices and processes.
Created by the Department of Defense (DoD), CMMC is just one part of a government-led effort to protect the US defense supply chain from interference or sabotage in the form of cyber threats. In 2015, the DoD published the Defense Acquisition Federal Regulation Supplement (DFARS), mandating private contractors must adopt cybersecurity standards that subscribe to the NIST SP 800-171 cybersecurity framework. CMMC has been created in order to ensure the proper levels of controls and processes are in place due to the slow adoption of DFARS regulations.
What are the levels?
There are five levels within CMMC, ranging from basic to advanced. At the most basic levels, a DoD contractor must implement a minimum of 17 practices from the CMMC framework. In contrast, at the “Advanced/Progressive” Level 5, a contractor must implement 171 practices from the framework.
Who does it apply to?
CMMC is intended for current or prospective United States Department of Defense contractors and subcontractors.
What can we do?
While available information is limited regarding what CMMC certification will involve, there is an early version 1.0 model released containing practices required for each level. With this resource, we are able to provide a pre-assessment determining an organization’s readiness level to achieve CMMC certification depending upon target level and strategic direction. Upon completion of a pre-assessment, clients will have a clearer understanding of any gaps in their systems and what steps will need to be undertaken to close them before a full CMMC audit.
To learn more about CMMC or how PJR pre-assessment may help you prepare, contact us at (248) 358-3388.