On January 31, 2020, the US Department of Defense (DoD) released the Cybersecurity Maturity Model Certification or CMMC. This significantly changed the rules of the game for defense contractors. For the US and the economy's safety and security, keeping confidential military and government information safe from unauthorized access is paramount. The CMMC aims to do just that.
Do you do business with the DoD? Then obtaining CMMC Certification is critical to keeping and growing your business. Our CMMC GAP Assessments will give you access to industry experts and leaders on how to achieve CMMC Certification.
The CMMC standard consists of 5 maturity levels and 171 total security best practices. The intention of CMMC is to standardize the security practices of DoD contractors to ensure they are consistent, repeatable and commensurate with the needs of the business, building upon each level in a cumulative manner across 18 domains
Before the passage of the CMMC in January, contractors who worked with the DoD were only required to self-attest their compliance with DFARS and NIST SP 800-171. ow, defense contractors that process sensitive government data directly or through a subcontractor must meet more stringent compliance standards. The CMMC changed these requirements drastically and now require a third-party certification for contractors to meet the new CMMC model.
The security requirements of CMMC are derived from a couple of standards and consist of controls across the following 18 domains:
In the past, defense contractors were directly responsible for implementing critical cybersecurity protocols with minimal oversight and were permitted to self-assert compliance. But the CMMC changed these requirements drastically and now require a third-party certification for contractors to meet the new CMMC requirements.
For DoD contractors, knowing the CMMC requirements, preparing for certification, and implementing the necessary protocols is vital to their business's health and longevity. While the CMMC certification is new, the process for becoming CMMC compliant isn’t.
Vancord is is becoming Registered Provider Organization with Registered Practitioners on staff. We have experience helping manufacturers and research institutions identify and remediate their NIST 800-171 and CMMC gaps to prepare them for certification. Vancord only provides Gap assessment and remediation services and can provide recommendations for the CMMC certification work. For conflict of interest reasons, the same vendorcannot do both the certification as well as the Gap assessment and remediation. There's a range of mandatory cybersecurity procedures that contractors must implement to protect sensitive data from criminals.
Start preparing now for long-term cybersecurity agility. Our CMMC Certification Service will help you find the gaps in your cybersecurity networks, eliminate security weaknesses, and become CMMC Certified. Request a meeting with our compliance experts today to get started.
“Vancord understands the unique aspects of a higher-education institution, which made them a perfect partner for us.”
“Vancord helped us uncover vulnerabilities in our system, protecting us from a breach that could have been very damaging to our institution.”
“Vancord exhibited outstanding professionalism and commitment throughout the project, keeping us secure during this crucial time for connectivity.”
“You want Vancord in the fox hole with you if you ever have a breach or other security incident. Vancord’s support and availability throughout the entire response were phenomenal and its follow-up activities to ensure we were incident resilient going forward allows me to sleep well at night.”