wilsoncgrp

Cybersecurity Maturity Model Certification

Get ready for CMMC with our effective compliance consulting and remediation services. Reduce the level of efforts & risks. Start your journey with WCG today to maintain and win DoD business.

What is CMMC?

The Cybersecurity Maturity Model Certification (CMMC) is the Department of Defense’s (DoD) latest verification mechanism designed to ensure that cybersecurity controls and processes adequately protect Controlled Unclassified Information (CUI) that resides on Defense Industrial Base (DIB) systems and networks.

The CMMC establishes five certification levels that reflect the maturity and reliability of an organization’s cybersecurity infrastructure to safeguard sensitive government information on contractors' information systems. This framework is the vehicle by which the government will mandate a contractor’s cyber security maturity level to be verified by an independent third-party audit.

CMMC Timeline

October 2019

CMMC implemented requirements released

Phase 01

January 2020

Version 1.0 finalization; compliance checklist released

Phase 02

June 2020

DOD Signed Memorandum of Understanding with CMMC Accreditation Board

Phase 03

September 2020

Interim version was published

Phase 04

October 2020

CMMC will begin appearing in Requests for information (RFIs)

Phase 05

Early 2021

CMMC will begin appearing in Requests for proposals (RFPs) in early 2021

Phase 06

Are you compliant?

The CMMC is mandatory for all contractors doing business with the DoD at any level. All contractors are required to obtain a CMMC certification. This includes all suppliers at all tiers along the supply chain, small businesses, commercial item contractors and foreign suppliers. No organizations are permitted to receive or share DoD information related to programs & projects without having completed the CMMC Compliance.

Please note: As of October 2020, the CMMC-AB is working through its initial stand up phase and working to meet the requirements of the DoD. So, no contractors are currently CMMC certified.

The CMMC Framework

Includes highly advanced cybersecurity practices. The processes involved at this level include continuous improvement across the enterprise and defensive responses performed at machine speed. This level requires an additional 34 controls.

Includes advanced and sophisticated cybersecurity practices. The processes at this level are periodically reviewed, properly resourced, and are improved regularly across the enterprise. In addition, the defensive responses operate at machine speed and there is a comprehensive knowledge of all cyber assets. This level has an additional 95 controls beyond the first three Levels.

Includes coverage of all NIST SP 800-171 Rev. 1 controls and additional practices beyond the scope of current CUI protection. Processes at this level are maintained and followed, and there is a comprehensive knowledge of cyber assets. This level requires an additional 91 security controls beyond those covered in Levels 1 and 2.

Includes universally accepted cybersecurity best practices. Practices at this level would be documented, and access to CUI data will require multi-factor authentication. This level includes an additional 115 security controls beyond that of Level 1.

Includes basic cybersecurity appropriate for small companies utilizing a subset of universally accepted common practices. The processes at this level would include some performed practices, at least in an ad hoc manner. This level has 35 security controls that must be successfully implemented.

How WCG can help?

It is never late to evaluate your cybersecurity posture. WCG is your reliable partner that understands the compliance landscape and has the experience of working with federal third-party vendors. Although the CMMC-AB program is not yet finalized, we are offering consulting and remediation services based on the latest draft version of the certification model to help you get ready for CMMC Compliance. If you do not know where your organization stands, WCG provides the following:

CMMC Consulting

WCG provides

  • a top-down assessment and gap analysis of your organization’s cybersecurity posture,
  • identification of the CMMC scope to help your organization align with CMMC controls, and
  • a comprehensive readiness assessment report with concise and clear recommendations
CMMC Remediation

WCG works with our clients to develop a Plan of Action customized to their organizations to:

  • address deficient controls,
  • close the gap on compliance, and
  • reach your desired, targeted CMMC-level and become compliant.

Why WCG?

Knowledgeable and Experienced Team

Our team has unparalleled experience aiding governments and businesses around the world in defending themselves against cybercrime, reducing risks, complying with regulations, and transforming their IT, security operations & infrastructure.

Practical Guidance

WCG has hands-on IT experts who have extensive knowledge and experience helping businesses.

Reasonable Pricing

We provide simple, straightforward pricing with no hidden agenda, miscellaneous charges, or add-on fees.

Personalized Customer Service

Our personable, dedicated staff to answer any questions you have at any time throughout the process.

Proven Track Records

WCG has an exceptional reputation and track record for numerous services.

Adopting to Your Needs

We develop and customize an approach that suits your immediate requirements and future goals. To achieve this, WCG will provide pragmatic insights and balanced views on how to prioritize any associated actions.

roleImpact
Role and Impact of Women in Technology

Even with the underrepresentation of women in the technology industry, many women have taken ...

covid
COVID-19 Facts: How Business Leaders Should Take Action

At the current time, much is unknown about the COVID-19 pandemic that has swept the globe. However ...

securityrisk
Surviving Security Risks Existent in Third-Party Software

Third-Party Software is comprised of software libraries, modules and other components ...

Services you may be interested in