The Cybersecurity Maturity Model Certification (CMMC) is a new Department of Defense (DoD) process to ensure that all suppliers in the Defense Industrial Base have a base level of cybersecurity capability. DoD is planning to set CMMC Maturity Level requirements in RFPs starting in late 2020. DoD suppliers will need to be certified by a designated third party. CMMC self-certification will not be accepted. Suppliers that are not certified will not be able to win new DoD contracts individually or as part of a team.
NCG Blog Post: Preparation and Support for the Department of Defense Cybersecurity Maturity Model Certification (CMMC)Cybersecurity and DoD procurement experts help you demonstrate what you have in place and can leverage to meet CMMC certification targets.
Develop a certification readiness plan that fits your business and aligns with other inflight efforts.
Management, design, and implementation support to accomplish certification readiness targets and get the most cybersecurity value for your organization.
NCG’s Team is comprised of Cybersecurity Program experts with over 14 years helping organizations improve their cyber posture and demonstrate compliance.
Our Team has extensive experience with DoD contracting, other Federal cyber programs, and system integration across industries. Core competencies include:
HIPAA Requirements
NIST Guidelines
Manufacturing Control & SCADA Systems
FISMA Compliance
CMMC is a new DoD process to measure supplier institutionalization of cybersecurity capabilities
Certification will be required for all new DoD contracts starting in 2020
CMMC—is an effort by the Department of Defense to enhance the protection of information in the Defense Industrial Base.
Maturity Levels measure the level of capability and institutionalization of cybersecurity in an organization.
For some companies the CMMC process will be straightforward and similar to other maturity model frameworks and audits they currently support. For those with robust cybersecurity practices, but have not been through similar reviews, the effort may focus on documentation and being able to represent their current state compared to CMMC model. For other organizations, getting ready for certification could entail implementation and documentation of new practices and processes.
Companies need to demonstrate cybersecurity practice and process performance, along with supporting documentation, to become certified.
Reference
Office of the Under Secretary of Defense for Acquisition & Sustainment Cybersecurity Maturity Model Certification (CMMC)
https://www.acq.osd.mil/cmmc/draft.html
NCG helps organizations accomplish certification objectives in a managed and targeted manner that makes the most business sense for your company’s unique circumstances. NCG’s CMMC Orchestration services follow NCG’s proven delivery model that integrates people, data, technology, and processes—focused on delivery of business objectives.
NCG works with your team to craft processes that meet CMMC specifications and provide value for your organization. Our automated tools streamline documentation creation and provide real-time tracking of progress.
These same tools provide a fast and easy way to figure out where changes are needed and maintain currency to keep up with internal and external changes.
Having your team ready and knowing what to expect from a certification examination will help things go smoothly. NCG provides team preparation and training that includes mock exercises and information organization. We help make sure that people across your organization are ready for the certification process.
NCG provides planning, technical and project management of practice implementation efforts. We help you work with third-party vendors and ensure a good fit for the organization and its operations.
We validate and verify both capability design and performance for your operating environment. We provide tools to streamline documentation development and to maintain currency over time.
Beyond initial certification, efforts taken should become a sustainable program that provides value for the organization. NCG designs and implements frameworks to keep things going, maintain currency, and the agility to evolve with the organization as it grows.
Framework to keep things going, maintain currency, and evolve with the organization
NCG uses a programmatic approach to institutionalize the cybersecurity practices called for in the CMMC model across your organization. We help find the best ways to integrate cybersecurity efforts in the short and long run, leverage other efforts for economies of scale, and empower people for successful. A programmatic approach helps build cybersecurity into the corporate culture—part of how things are done on a day-to-day basis.
Secure Cloud-based Tracking and Management of Certification Preparation and Ongoing Program Maintenance
Track progress and measure accomplishments through Maturity Levels with real-time status and report updates
Tools to identify where changes may be needed based on model and other changes to quickly and easily maintain currency
Guided documentation creation and updates required under the Model
Process management of reviews and approvals across the organization
Take NCG’s free baseline questionnaire to see where your current Maturity Level may be and what it may take to get to your target.
Create an account and take as much time as you need to complete it. You can even create accounts for your team to answer questions.