Are You Ready for CMMC?
The Cybersecurity Maturity Model Certification (“CMMC”) is a unified cybersecurity standard for Department of Defense (“DoD”) acquisitions, aimed at securing the Defense Industrial Base (“DIB”) supply chain. This standard was updated in November of 2021 and is referred to as “CMMC 2.0”.
The previous five-level model introduced in CMMC 1.0 has been reduced to a three-level model. The new levels, as illustrated in the graphic below, are as follows:
- CMMC level 1 – same as previous level (Foundational Level)
- CMMC level 2 – same as former CMMC level 3 minus the 20 DoD CMMC controls (Advanced Level)
- CMMC level 3 – same as proposed CMMC level 5 which is NIST 800-171 and some NIST 800-172 controls (Expert Level)
Cherry Bekaert’s CMMC Certifications
How Cherry Bekaert Can Help
As a CMMC Registered Practitioner Organization (“RPO”), Cherry Bekaert helps Organizations Seeking Certification (“OSC”) navigate the CMMC, as well as related DFARS and NIST certifications, to prepare for a CMMC assessment by way of:
- Certification Level Identification & Consultation
- System Boundary Determination
- Assessment Approach Considerations (entity-level vs enclave vs hybrid)
- Control Definition & Design
- Documentation Development
- Mapping to Existing Frameworks such as NIST 800-53/171 (FedRAMP, FISMA, DFARS 7012), ISO 27001/2, SOC 2, PCI, HITRUST and Others
- Gap Analysis
- Remediation Design & Verification
- CMMC Assessments for Certification
As a candidate Certified 3rd Party Assessment Organization (“C3PAO”), Cherry Bekaert will complete assessments for certification for CMMC Maturity Level 2. In addition, Cherry Bekaert offers attestation engagements for organizations for Levels 1 and 2. These can be standalone engagements or teamed with an existing SOC 2 report, e.g., SOC 2+ NIST 800-171.