Search for:
SBA 8(a) Business Development Program Consulting Services
Cybersecurity Maturity Model Certification (CMMC)
Providing You Guidance to Innovate and Grow Your Business
Government Contractor Consulting Services
Healthcare Industry M&A Report: What We Saw in 2021 and What’s Ahead
Cannabis Accounting, Tax & Business Advisory Services
Providing You Guidance to Innovate and Grow Your Business
Government Contractor Consulting Services
Providing You Guidance to Innovate and Grow Your Business
Government Contractor Consulting Services
General Data Protection Regulation (GDPR) for Higher Education Institutions
Government Contractor Consulting Services
Providing You Guidance to Innovate and Grow Your Business
Government Contractor Consulting Services
2021 US Middle-Market Private Equity Report
Advisory, Accounting & Tax Services for Special Purpose Acquisition Companies (SPACs)
Risk Management Consulting Services for the Financial Services Industry
Government Contractor Consulting Services
Providing You Guidance to Innovate and Grow Your Business
Government Contractor Consulting Services
Providing You Guidance to Innovate and Grow Your Business
Government Contractor Consulting Services

COVID-19 Guidance Center

Tax Implications and Financial Business Guidance Regarding the Coronavirus

Transaction Advisory Services

Helping businesses navigate financial due diligence engagements and domestic and cross-border transactions.

Employee Retention Credit Tax Services

Expanded Employee Retention Credit (ERC) & how our professionals can assist you.

Services

Cybersecurity Maturity Model Certification

shadow

Are You Ready for CMMC?

The Cybersecurity Maturity Model Certification (“CMMC”) is a unified cybersecurity standard for Department of Defense (“DoD”) acquisitions, aimed at securing the Defense Industrial Base (“DIB”) supply chain. This standard was updated in November of 2021 and is now considered “CMMC 2.0”.

The CMMC framework consists of three levels and can require an independent third-party certification by an accredited organization:

  • CMMC Level 1 – Basic safeguarding of Federal Contract Information (FCI)
  • CMMC Level 2 – (previous CMMC 1.0 Level 3) Protecting CUI
  • CMMC Level 3 – (previous CMMC 1.0 Level 4 and 5) Protecting CUI and reducing risk of advanced Persistent Threats (APT)

CMMC 2.0 encompasses the following:

CMMC framework

Certification Timeline

Defense Federal Acquisition Regulation Supplement (“DFARS”) Clause 252.204.7021, or the “CMMC Clause” is currently under review. Completion of the Federal rulemaking is expected in 2023.

Cherry Bekaert CMMC Third-Party Assessment Organization Authorization

Cherry Bekaert is authorized by the CMMC Accreditation Body, Inc. (The Cyber AB) as a CMMC Third-Party Assessment Organization (C3PAO). As an authorized C3PAO, Cherry Bekaert assists Department of Defense (DoD) contractors seeking a CMMC assessment with CMMC readiness and Defense Industrial Base Cybersecurity Assessment Center (“DIBCAC”) Joint Surveillance Voluntary Level 2 assessments in partnership with the DIBCAC.

Having undergone Level 2 assessment as a Firm, Cherry Bekaert has a deep understanding of the assessment process to guide DoD contractors seeking a CMMC assessment.

Our services include:

  • Certification Level Identification & Consultation
  • System Boundary Determination
  • Assessment Approach Considerations (Entity-Level vs Enclave vs Hybrid)
  • Control Definition & Design
  • Documentation Development & Review
  • Mapping to Existing Frameworks such as NIST 800-53/171 (FedRAMP, FISMA, DFARS 7012), ISO 27001/2, SOC 2, PCI, HITRUST and Others
  • Gap Analysis
  • Remediation Design & Verification
  • DIBCAC Joint Surveillance Voluntary Level 2 Assessments in Partnership with DIBCAC

Readiness

Our CMMC Readiness Assessments are designed to identify gaps and prescribe pragmatic solutions to remediate, in order to help you achieve the appropriate CMMC Level.

Certifications & Attestations

Our CMMC assessments are streamlined from Planning & Testing though Reporting & Submission to the CMMC-AB to ensure an efficient assessment from beginning to end.

In addition, Cherry Bekaert offers organizations the ability to undergo an attestation to the CMMC Level 1 and Level 2 Standard, NIST 800-171, for those looking for further assurance beyond just a self-assessment. These engagements can be performed individually or in conjunction with an existing SOC 2 audit, e.g., SOC 2+ NIST 800-171.

Contact Our CMMC Team

Related Thought Leadership
Dec 09
Podcast

CMMC 2.0 – Where Does It Stand?

Learn More
Aug 24
Podcast

What’s New with CMMC 2.0? August 2022 Update

Learn More
Mar 03
Podcast

CMMC 2.0 – Current State of Affairs

Learn More
play button
Dec 01
Webinar Recording

CMMC 2.0 Brings Major Program Changes

Watch Now
Nov 09
Podcast

CMMC 2.0 Brings Major Program Changes

Learn More
play button
Oct 18
Webinar Recording

Is CMMC Really Going to Be Required to Win Contracts?

Watch Now
Let's Talk

Steven J. Ursillo, Jr.

Partner, Risk & Accounting Advisory Services

Let's Talk

Let's Talk

Neal W. Beggan

Partner, Risk & Accounting Advisory Services

Let's Talk

Related Services

Cybersecurity

The cybersecurity landscape is constantly evolving. Hackers are increasingly professional and adept—striving to develop at...

Learn More

Government Contractor Consulting Services

Learn More

Risk & Accounting Advisory

Leveraging Enterprise Risk Management for Better Decision Making Learn more about our Enterprise Risk Management (ERM)...

Learn More

Risk Management Consulting Services for the Financial Services Industry

Enterprise Risk Management Services ERM Design & Implementation Business Continuity Resiliency Risk Strategy, Organization and Governance Third-Party Risk Management Operational...

Learn More