SERVICES
We Deliver Exceptional Services to Industry and Commercial
FAQs

What is CMMC?
The Cybersecurity Maturity Model Certification is a new standard that will take the place of NIST 800-171 on DoD contracts. CMMC 2.0 is broken down into 3 levels of certification ranging from basic to advanced. Additionally, CMMC requires a third-party assessment and certification on a subset of Level 2 contracts.

What type of deliverables or documentation does CMMC require?
CMMC requires you to provide a System Security Plan, as well as policies and procedures describing how you implement the practices found in CMMC. The auditor will most likely need to provide a Report on Compliance, like that of PCI and FedRAMP. If you are submitting a self-assessment for Levels 1 or 2, you will need a System Security Plan to claim compliance.

How do I prepare for CMMC certification?
Two steps to get your company underway:
1. Get NIST 800-171 documentation out of the way. This will get you through many of the CMMC Level 2 requirements and keep you compliant with the current DFARS clause.
2. Be ready to address any gaps you find and implement solutions to remediate them.
It is still unclear whether your organization will need to obtain a third-party audit and certification or if you'll be able to self-assess and submit the results manually.

What can I expect in order to be Level 2 certified?
This new version of CMMC contains a slimmed-down tiered model of only 3 levels of compliance/certification. Level 1 is considered Foundational. Level 2 is "Advanced" with 110 practices. Level 2 will be split into two groups. Those who have been deemed to work with critical national security information will need to obtain a certification with a C3PAO, like us.

When can I expect to see CMMC in contracts?
On Monday, 16 December 2024, the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body (CyberAB) announced the official establishment of CMMC as a Department of Defense (DoD) program under the Title 32 final rule. CMMC will show up as a requirement in DoD contracts. This means you should prepare by working with an assessor like us.