
The Cybersecurity Maturity Model Certification (CMMC) is a new Department of Defense (DoD) process to ensure that all suppliers in the Defense Industrial Base have a base level of cybersecurity capability. DoD is planning to set CMMC Maturity Level requirements in RFPs starting in late 2020. DoD suppliers will need to be certified by a designated third party. CMMC self-certification will not be accepted. Suppliers that are not certified will not be able to win new DoD contracts individually or as part of a team.
NCG Blog Post: Preparation and Support for the Department of Defense Cybersecurity Maturity Model Certification (CMMC)
July 6th, 2020
NCG Offers DoD Vendors Crucial Tools To Support New (CMMC) Cybersecurity Certification Requirements
Cybersecurity and DoD procurement experts help you demonstrate what you have in place and can leverage to meet CMMC certification targets.
Develop a certification readiness plan that fits your business and aligns with other inflight efforts.
Management, design, and implementation support to accomplish certification readiness targets and get the most cybersecurity value for your organization.
NCG’s Team is composed of Cybersecurity Program experts with over 14 years of experience helping organizations improve their cyber posture and demonstrate compliance.
Our Team has extensive experience with DoD contracting, other Federal cyber programs, and system integration across industries. Core competencies include:
HIPAA Requirements
NIST Guidelines
Manufacturing Control & SCADA Systems
FISMA Compliance
CMMC is a new DoD process to measure supplier institutionalization of cybersecurity capabilities
Certification will be required for all new DoD contracts starting in 2020
CMMC is an effort by the Department of Defense to enhance the protection of information in the Defense Industrial Base.
Maturity Levels measure the level of capability and institutionalization of cybersecurity in an organization.
For some companies the CMMC process will be straightforward and similar to other maturity model frameworks and audits they currently support. For those that have robust cybersecurity practices but have not been through similar reviews, the effort may focus on documentation and being able to represent their current state compared to the CMMC model. For other organizations, getting ready for certification could entail implementation and documentation of new practices and processes.
Companies need to demonstrate cybersecurity practice and process performance, along with supporting documentation, to become certified.
Reference
Office of the Under Secretary of Defense for Acquisition & Sustainment Cybersecurity Maturity Model Certification (CMMC)
https://www.acq.osd.mil/cmmc/draft.html
NCG helps organizations accomplish certification objectives in a managed and targeted manner that makes the most business sense for your company’s unique circumstances. NCG’s CMMC Orchestration services follow NCG’s proven delivery model that integrates people, data, technology, and processes—focused on delivery of business objectives.
NCG works with your team to craft processes that meet CMMC specifications and provide value for your organization. Our automated tools streamline documentation creation and provide real-time tracking of progress.
These same tools provide a fast and easy way to figure out where changes are needed and maintain currency to keep up with internal and external changes.
Having your team ready and knowing what to expect from a certification examination will help things go smoothly. NCG provides team preparation and training that includes mock exercises and information organization. We help make sure that people across your organization are ready for the certification process.
NCG provides planning, technical and project management of practice implementation efforts. We help you work with third-party vendors and ensure a good fit for the organization and its operations.
We validate and verify both capability design and performance for your operating environment. We provide tools to streamline documentation development and to maintain currency over time.
Beyond initial certification, efforts taken should become a sustainable program that provides value for the organization. NCG designs and implements frameworks to keep things going, maintain currency, and provide the agility to evolve with the organization as it grows.
The DoD Cybersecurity Maturity Model Certification (CMMC) is a new maturity model to measure cybersecurity capabilities across all DoD suppliers. DoD is targeting Certification Level requirements to start appearing in RFPs in late 2020. Suppliers without the required Certification Levels will not be able to win new contracts individually or as a part of a team.
synopsis:
An overview of the CMMC model and its foundations in FAR/DFAR requirements and NIST 800-171 specifications. The session will explore what organizations will need to have in place to achieve various levels of certification, along with best practices for getting started.
audience:
all DoD suppliers, all learning tracks
duration:
30 minutes
format:
online, scheduled
synopsis:
An interactive session to help organizations develop an approach and working level plan to get certified under CMMC. The session will focus on ways to prioritize and organize efforts tailored to your specific organization. Course materials will include planning templates to help organizations understand their specific scope of efforts and how to balance costs, timelines, and levels of effort.
audience:
all DoD suppliers, all learning tracks
duration:
30 minutes
format:
online, scheduled
Material designed for organizational leaders and senior management focused on understanding scope, approach options, levels of effort, and potential pitfalls.
Material that gets into the implementation and operational components of technologies, tools, and operations for cybersecurity practices and processes.
Material focused on initial and ongoing compliance demonstrations, along with a programmatic approach for oversight and governance across the organization.
Exploration of the regulatory and specification basis of the CMMC Maturity Levels, their cybersecurity objectives, and how these will impact how an organization operates on a range of levels.
duration:
30 Minutes
applicable tracks:
Executive & Management | Cybersecurity & IT | Compliance & Risk
Review of the Model’s Domain and Capability organization of cybersecurity Practices and applicability to Processes across Maturity Levels, and approaches to best plan efforts for a specific organization’s operations.
duration:
30 Minutes
applicable tracks:
Executive & Management | Cybersecurity & IT | Compliance & Risk
Dive into the details of the different CMMC Practices and look at technical options, examples, and considerations for implementation and operations. Review model examples and reference details to better understand Model expectations.
duration:
6 Hours
applicable tracks:
Cybersecurity & IT | Compliance & Risk
Exploration of the CMMC Process models and their applications across Domains and Maturity Levels. Gain an understanding of the CERT Resilience Management Model process improvement approach that is the basis for the CMMC Processes.
duration:
90 minutes
applicable tracks:
Cybersecurity & IT | Compliance & Risk
Ensure your team is ready for a certification review with this walk-through of preparation steps and activities that can help set your entire team up for success. Explore best practices around organization of materials and conducting exercises with key personnel, as well as common mistakes to look out for.
duration:
6 Hours
applicable tracks:
Executive & Management | Cybersecurity & IT | Compliance & Risk
Framework to keep things going, maintain currency, and evolve with the organization
NCG uses a programmatic approach to institutionalize the cybersecurity practices called for in the CMMC model across your organization. We help find the best ways to integrate cybersecurity efforts in the short and long run, leverage other efforts for economies of scale, and empower people for success. A programmatic approach helps build cybersecurity into the corporate culture—part of how things are done on a day-to-day basis.
Secure Cloud-based Tracking and Management of Certification Preparation and Ongoing Program Maintenance
Track progress and measure accomplishments through Maturity Levels with real-time status and report updates
Tools to identify where changes may be needed based on model and other changes to quickly and easily maintain currency
Guided documentation creation and updates required under the Model
Process management of reviews and approvals across the organization
Take NCG’s free baseline questionnaire to see where your current Maturity Level may be and what it may take to get to your target.
Create an account and take as much time as you need to complete it. You can even create accounts for your team to answer questions.