Compliance with the Cybersecurity Maturity Model Certification (CMMC) program requires DoD contractors to undergo cybersecurity audit and certification, beginning in 2020/2021. Based on NIST 800-171 controls, the CMMC will be a single standard for all DoD contracts. Previous regulations for DoD contractors handling controlled unclassified information (CUI) allowed for self-certification of compliance with appropriate NIST 800-171 controls. CMMC requires third-party audits and certification to ensure that DoD contractors have appropriate levels of security in place.
Assessment & Advisory Services
- to identify gaps and recommend mitigation steps for needed security controls
- Provide education on 800-171 and its specific requirements
- Understand the system(s) and determine where CUI and CDI are located
- Finalize the system boundary for 800-171 compliance
- Walk through the NIST 800-171 Control Requirements Matrix
Rizkly Guided Compliance Solution
- Service that combines a compliance app with expert advisory to assist your in-house efforts
- to help you manage and track CMMC compliance tasks. Rizkly provides one-click creation of audit-ready documentation.
- Determine the status for each requirement, and note any gaps where remediation is needed
- Perform limited technical testing to validate compliance assertions
- Develop initial Project of Actions & Milestones (POA&M)
- Organize content, customize controls and define a prioritized action plan in Rizkly, a SaaS cloud-based compliance management application
3rd Party CMMC Assessment Services (after certification from the CMMC Accreditation Body in late 2020)
- Prioritize control gaps to identify those that can be remediated quickly (e.g., within the time allocated for the project)
- Assist with the implementation/enhancement of prioritized controls
- Document control activities on the SSP to demonstrate how 800-171 requirements are being met
- Develop needed documentation (i.e. System Security Plan (SSP), Incident Response Plan (IRP), Policies & Procedures, etc.)
- Develop Management Assertion Letter that can be provided to customers/primes when asked
- Assist with updating the POAM to reflect any remaining controls that are not implemented or that need to be enhanced
- Leverage Rizkly to organize policies, track tasks, and demonstrate compliance with auditors and assessors
Take the next step to help your company achieve NIST 800-171 compliance in a timely manner. SecureIT wants to help you succeed with a variety of options to get started:
- Our infographic is a great place to start. It boils down what you need to know about NIST 800-171 (key facts, planning, and tips for success) and just takes a couple minutes to review. See it here.
- Click here to get pricing for our NIST 800-171 Express Compliance Package that we tailor to meet your organization’s specific needs. We will pick up the phone and call you to discuss your specific needs.
- Our brief eBook, “5 Tips for NIST 800-171 Success“, provides valuable guidance in helping government contractors meet the upcoming compliance deadline with minimal disruption to your core business. Download it today.