Cybersecurity Maturity Model Certification (CMMC) Consulting Services
What is Cybersecurity Maturity Model Certification (CMMC)?
The Cybersecurity Maturity Model Certification (CMMC) is a unified cybersecurity standard for Department of Defense (DoD) acquisitions aimed at securing the Defense Industrial Base (DIB) supply chain. This standard was updated in November of 2021 and is now considered “CMMC 2.0”. The CMMC framework consists of three levels and can require an independent third-party certification by an accredited organization.
The new CMMC 2.0 levels are:
- LEVEL 1 – Basic safeguarding of Federal Contract Information (FCI)
- LEVEL 2 – (previous CMMC 1.0 Level 3) Protecting CUI
- LEVEL 3 – (previous CMMC 1.0 Level 4 and 5) Protecting CUI and reducing risk of advanced Persistent Threats (APT)
CMMC 2.0 encompasses the following:
CMMC Certification Timeline
The current schedule released by the DoD states that CMMC 2.0 could be finalized as early as the end of 2022. Therefore, it is imperative if you are a contractor, along any aspect of the DIB supply chain, that you begin to prepare now.
CMMC Services: How Cherry Bekaert Can Help
As a candidate CMMC Certified 3rd Party Assessment Organization (C3PAO) and Registered Practitioner Organization (RPO), Cherry Bekaert is your provider of choice. Our Risk & Accounting Advisory Services (RAAS) group, made up of internal control, cybersecurity and Government Contracting consulting professionals, has decades of experience navigating the ever-changing landscapes of both the government contracting industry and the cyber threat landscape. Our RAAS professionals can help you with CMMC services by way of:
- Certification Level Identification & Consultation
- System Boundary Determination
- Control Definition & Design
- Documentation Development & Review
- Mapping to Existing Frameworks such as: NIST 800-53/171 (FedRAMP, FISMA, DFARS 7012), ISO 27001/2, SOC 2, PCI, HITRUST and Others
- CMMC Assessments for Level 2 Certification
- CMMC Attestations for Level 1 and 2
- SOC 2+ NIST 800-171
Our CMMC Readiness Assessments are designed to identify gaps and prescribe pragmatic solutions to remediate in order to help you achieve the appropriate CMMC Level.
Our CMMC Assessments for Certification are streamlined from Planning & Testing though Reporting & Submission to the CMMC-AB to ensure an efficient assessment from beginning to end.
In addition, Cherry Bekaert offers organizations the ability to undergo an attestation to the CMMC Level 2 Standard, NIST 800-171, for those looking for further assurance beyond just a self-assessment. These engagements can be performed individually or in conjunction with an existing SOC 2 audit, e.g., SOC 2+ NIST 800-171.
For more information, please contact us.