DoD Cybersecurity Maturity Model Certification (CMMC) Preparation & Implementation Services

CMMC questionnaire

Take a free questionnaire to see where you might stand…

Understanding DoD's CMMC

The Cybersecurity Maturity Model Certification (CMMC) is a new Department of Defense (DoD) process to ensure that all suppliers in the Defense Industrial Base have a base level of cybersecurity capability. DoD is planning to set CMMC Maturity Level requirements in RFPs starting in late 2020. DoD suppliers will need to be certified by a designated third party. CMMC self-certification will not be accepted. Suppliers that are not certified will not be able to win new DoD contracts individually or as part of a team.

NCG Blog Post: Preparation and Support for the Department of Defense Cybersecurity Maturity Model Certification (CMMC)

What your organization needs to do for CMMC Certification

Cybersecurity and DoD procurement experts help you demonstrate what you have in place and can leverage to meet CMMC certification targets.

Establish certification targets, budgets, and timelines

Develop a certification readiness plan that fits your business and aligns with other inflight efforts.

Get going with implementation and tracking support

Management, design, and implementation support to accomplish certification readiness targets and get the most cybersecurity value for your organization.

NCG has a proven track record implementing Cybersecurity Programs and demonstrating compliance

NCG’s Team is comprised of Cybersecurity Program experts with over 14 years helping organizations improve their cyber posture and demonstrate compliance.

Our Team has extensive experience with DoD contracting, other Federal cyber programs, and system integration across industries. Core competencies include:

  • HIPAA Requirements

  • NIST Guidelines

  • Manufacturing Control & SCADA Systems

  • FISMA Compliance

Cybersecurity Maturity Model Certification (CMMC)

CMMC is a new DoD process to measure supplier institutionalization of cybersecurity capabilities

Certification will be required for all new DoD contracts starting in 2020

CMMC—is an effort by the Department of Defense to enhance the protection of information in the Defense Industrial Base.

Maturity Levels measure the level of capability and institutionalization of cybersecurity in an organization.

Getting Ready for Certification

For some companies the CMMC process will be straightforward and similar to other maturity model frameworks and audits they currently support. For those with robust cybersecurity practices, but have not been through similar reviews, the effort may focus on documentation and being able to represent their current state compared to CMMC model. For other organizations, getting ready for certification could entail implementation and documentation of new practices and processes.

What Your Organization will need for CMMC Certification

Companies need to demonstrate cybersecurity practice and process performance, along with supporting documentation, to become certified.

Reference

Office of the Under Secretary of Defense for Acquisition & Sustainment Cybersecurity Maturity Model Certification (CMMC)

https://www.acq.osd.mil/cmmc/draft.html

NCG helps you wrap your arms around everything that needs to be accomplished and get it done.

Know Where You are Starting

  • Leverage what is in place
  • Understand what is needed
  • Understand how the model is organized and what the model is looking for

Plan the Work

  • What certification level do you need
  • How can you leverage complimentary or inflight efforts
  • What prioritization makes the best business and cybersecurity value

Work the Plan

  • Prioritize efforts
  • Track progress and measure results
  • Make adjustments as needed

NCG CMMC Services

Implementation, Documentation, & Prep Support

NCG provides management, design, and integration services to help your organization implement and be ready for certification

Services for Certification Readiness

NCG helps organizations accomplish certification objectives in a managed and targeted manner that makes the most business sense for your company’s unique circumstances. NCG’s CMMC Orchestration services follow NCG’s proven delivery model that integrates people, data, technology, and processes—focused on delivery of business objectives.

Process Design & Implementation

NCG works with your team to craft processes that meet CMMC specifications and provide value for your organization. Our automated tools streamline documentation creation and provide real-time tracking of progress.

These same tools provide a fast and easy way to figure out where changes are needed and maintain currency to keep up with internal and external changes.

Team Audit Preparation

Having your team ready and knowing what to expect from a certification examination will help things go smoothly. NCG provides team preparation and training that includes mock exercises and information organization. We help make sure that people across your organization are ready for the certification process.

Practice Implementation & Performance

NCG provides planning, technical and project management of practice implementation efforts. We help you work with third-party vendors and ensure a good fit for the organization and its operations.

We validate and verify both capability design and performance for your operating environment. We provide tools to streamline documentation development and to maintain currency over time.

Sustainable & Agile Programmatic Approach

Beyond initial certification, efforts taken should become a sustainable program that provides value for the organization. NCG designs and implements frameworks to keep things going, maintain currency, and the agility to evolve with the organization as it grows.

NCG Information & Training Sessions

General CMMC Information Series

The DoD Cybersecurity Maturity Model Certification (CMMC) is a new maturity model to measure cybersecurity capabilities across all DoD suppliers. DoD is targeting Certification Level requirements to start appearing in RFPs in late 2020. Suppliers without the required Certification Levels will not be able to win new contracts individually or as a part of a team.

CMMC-100 Introduction to the DOD Cybersecurity Maturity Model Certification (CMMC)

synopsis:

An overview of the CMMC model and its foundations in FAR/DFAR requirements and NIST 800-171 specifications. The session will explore what organizations will need to have in place to achieve various levels of certification, along with best practices for getting started.

audience:

all DoD suppliers, all learning tracks

duration:

30 minutes

format:

online, scheduled

CMMC-200 Developing a CMMC Plan & Strategy for Your Organization

synopsis:

An interactive session to help organizations develop an approach and working level plan to get certified under CMMC. The session will focus on ways to prioritize and organize efforts tailored to your specific organization. Course materials will include planning templates to help organizations understand their specific scope of efforts and how balance costs, timelines, and levels of effort.

audience:

all DoD suppliers, all learning tracks

duration:

30 minutes

format:

online, scheduled

CMMC: Cybersecurity Practice & Process Implementation and Certification Readiness Series

Series Learning Tracks

Executive & Management

Material designed for organizational leaders and senior management focused on understanding scope, approach options, levels of effort, and potential pitfalls.

Cybersecurity & IT

Material that gets into the implementation and operational components of technologies, tools, and operations for cybersecurity practices and processes.

Compliance & Risk

Material focused on initial and ongoing compliance demonstrations, along with a programmatic approach for oversight and governance across the organization.

Series Curriculum

301 - Understanding CMMC Maturity Levels

Exploration of CMMC Maturity Level regulatory and specification basis and cybersecurity objectives and how these will impact how an organization operates on range of levels.

duration:

30 Minutes

applicable tracks:

Executive & Management | Cybersecurity & IT | Compliance & Risk

302 - CMMC Domains & Capabilities

Review of the Model’s Domain and Capability organization of cybersecurity Practices and applicability to Processes across Maturity Levels, and approaches to best plan efforts for a specific organization’s operations.

duration:

30 Minutes

applicable tracks:

Executive & Management | Cybersecurity & IT | Compliance & Risk

303 - CMMC Domains & Capabilities

Dive into the details of the different CMMC Practices and look at technical options, examples, and considerations for implementation and operations. Review model examples and reference details to better understand Model expectations.

duration:

6 Hours

applicable tracks:

Cybersecurity & IT | Compliance & Risk

304 - CMMC Processes

Exploration of the CMMC Process models and their applications across Domains and Maturity Levels. Gain an understanding of the CERT Resilience Management Model process improvement approach that is the basis for the CMMC Processes.

duration:

90 minutes

applicable tracks:

Cybersecurity & IT | Compliance & Risk

305 - CMMC Certification Preparation

Ensure your team is ready for a certification review with this walk through of preparation steps and activities that can help set your entire team up for success. Explore best practices around organization of materials and conducting exercises with key personnel, as well as common mistakes to look out for.

duration:

6 Hours

applicable tracks:

Executive & Management | Cybersecurity & IT | Compliance & Risk

Programmatic Approach for Sustainability & Agility

Framework to keep things going, maintain currency, and evolve with the organization

NCG uses a programmatic approach to institutionalize the cybersecurity practices called for in the CMMC model across your organization. We help find the best ways to integrate cybersecurity efforts in the short and long run, leverage other efforts for economies of scale, and empower people for successful. A programmatic approach helps build cybersecurity into the corporate culture—part of how things are done on a day-to-day basis.

Secure Cloud-based Tracking and Management of Certification Preparation and Ongoing Program Maintenance

Progress Oversight

Track progress and measure accomplishments through Maturity Levels with real-time status and report updates

Automation to Support Updates

Tools to identify where changes may be needed based on model and other changes to quickly and easily maintain currency

Documentation Management

Guided documentation creation and updates required under the Model

Workflow Facilitation

Process management of reviews and approvals across the organization

where do you currently stand?

Take NCG’s free baseline questionnaire to see where your current Maturity Level may be and what it may take to get to your target.

Create an account and take as much time as you need to complete it. You can even create accounts for your team to answer questions.

Back to Top

Submit an RFP or Request Contact