CMMC Certification Overview
CMMC & DFARS Compliance Is Not Easy
The Truth About CMMC
- CMMC requires a complex mix of tools, processes, people (skills and expertise), and documentation
- A read of any single CMMC practice, let alone all 110 of them, leaves cybersecurity practitioners asking many questions
- Most solutions pushed online typically solve for different portions of CMMC but not the whole, and lead to organizations making redundant security investments for tools they already have
Despite all of this, CMMC can be solved in a manageable and holistic manner.
Your organization has likely solved some, but not all, of CMMC requirements.
We will help you identify, remediate, and maintain your gaps.
What You Are Likely Seeing
A barrage of companies claim to have a solution. Many go as far to claim “CMMC is easy!”
But you’re left trying to cut through the noise. Which companies have the right solutions for CMMC compliance?
Where are the appropriate places to make necessary investments?
What is CMMC?
To get a bit technical, the Cybersecurity Maturity Model Certification (CMMC) is a regulatory requirement that was introduced in November 2020. CMMC is prescribed in the Defense Federal Acquisition Regulation Supplement 252.204-7021 clause, interim rule. While still being ironed out, once codified through lawmaking, CMMC will become a contract requirement.
How Does This Affect You?
Defense contractors with the DFARS 252.204-7012 clause are required to comply with NIST Special Publication (SP) 800-171. Organizations with Federal Contract Information (FCI) are also required to comply with the basic safeguarding requirements within NIST 800-171 per the FAR 52.204-21 regulatory requirement.
Per the DoD, “the relationship between CMMC and NIST standards is that CMMC requirements will result in a contractor self-assessment, or a third-party assessment, to determine whether the applicable NIST standard (as identified by the DFARS clause) has been met.”
We Are Here to Help
