On January 31, 2020, the US Department of Defense (DoD) released the Cybersecurity Maturity Model Certification, or CMMC. This significantly changed the rules of the game for defense contractors. For the safety and security of the US and its economy, keeping confidential military and government information safe from unauthorized access is paramount. The CMMC aims to do just that.

Do you do business with the DoD? Then obtaining CMMC Certification is critical to keeping and growing your business. Our CMMC GAP Assessments will give you access to industry experts and leaders on how to achieve CMMC Certification.

What is CMMC?

The CMMC standard consists of 5 maturity levels and 171 total security best practices. The intention of CMMC is to standardize the security practices of DoD contractors to ensure they are consistent, repeatable and commensurate with the needs of the business, building upon each level in a cumulative manner across 18 domains.

  • Level 1 performs the most basic fundamental cyber hygiene
  • Level 2 documents the practices and policies, transitioning to a more mature model to protect CUI
  • Level 3 requires a plan that demonstrates the management of implementing the practices and policies that protect CUI and includes all controls in NIST 800-171
  • Level 4 focuses on reviewing and measuring the practices and policies for effectiveness of CUI protection from APTs
  • Level 5 optimizes and standardizes the documented approach comprehensively throughout the organization

What are the Compliance Requirements?

Before the passage of the CMMC in January, contractors who worked with the DoD were only required to self-attest their compliance with DFARS and NIST SP 800-171. Now, defense contractors that process sensitive government data directly or through a subcontractor must meet more stringent compliance standards. The CMMC changed these requirements drastically and now requires a third-party certification for contractors to meet the new CMMC model.

The security requirements of CMMC are derived from a couple of standards and consist of controls across the following 18 domains:

CMMC Domains

  • Access Control
  • Incident Response
  • Risk Management
  • Asset Management
  • Maintenance
  • Security Assessment
  • Audit & Accountability
  • Media Protection
  • Situational Awareness
  • Awareness & Training
  • Personnel Security
  • System & Communications Protection
  • Configuration Management
  • Physical Protection
  • System & Information Integrity
  • Identification & Authentication
  • Recovery
 

In the past, defense contractors were directly responsible for implementing critical cybersecurity protocols with minimal oversight and were permitted to self-assert compliance. But the CMMC changed these requirements drastically and now requires a third-party certification for contractors to meet the new CMMC requirements.

Vancord CMMC Certification Services

For DoD contractors, knowing the CMMC requirements, preparing for certification, and implementing the necessary protocols is vital to their business's health and longevity. While the CMMC certification is new, the process for becoming CMMC compliant isn’t.

Vancord is becoming a Registered Provider Organization with Registered Practitioners on staff. We have experience helping manufacturers and research institutions identify and remediate their NIST 800-171 and CMMC gaps to prepare them for certification. Vancord only provides Gap assessment and remediation services and can provide recommendations for the CMMC certification work. For conflict of interest reasons, the same vendor cannot do both the certification as well as the Gap assessment and remediation. There's a range of mandatory cybersecurity procedures that contractors must implement to protect sensitive data from criminals.

Vancord’s CMMC Certification Services will:
  • Perform a Gap assessment
  • Establish objectives and resources for meeting CMMC certification
  • Pinpoint weaknesses and prioritize remediation
  • Develop a tailored plan for system security
  • Prepare a company for certification

Take Action Now

Start preparing now for long-term cybersecurity agility. Our CMMC Certification Service will help you find the gaps in your cybersecurity networks, eliminate security weaknesses, and become CMMC Certified. Request a meeting with our compliance experts today to get started.

What Our Clients Are Saying

CIO - Wesleyan University

Dave Baird

“Vancord understands the unique aspects of a higher-education institution, which made them a perfect partner for us.”

CISO – Wesleyan University & Trinity College

Joe Bazeley

“Vancord helped us uncover vulnerabilities in our system, protecting us from a breach that could have been very damaging to our institution.”

President - Curry College

Ken Quigley

“Vancord exhibited outstanding professionalism and commitment throughout the project, keeping us secure during this crucial time for connectivity.”

CIO - CPCS Public Counselors of Massachusetts

Daniel Saroff

“You want Vancord in the fox hole with you if you ever have a breach or other security incident. Vancord’s support and availability throughout the entire response were phenomenal and its follow-up activities to ensure we were incident resilient going forward allows me to sleep well at night.”