Looking for guidance on CMMC Compliance?
​

Let us help you with your CMMC Assessment!


​

The theft of intellectual property (IP) and sensitive information from all industrial sectors due to malicious cyber activity threatens economic security and national security. Malicious cyber actors have targeted and continue to target the Defense Industrial Base (DIB) sector and the supply chain of the Department of Defense (DoD). Our Security Assessment and Testing Solutions include working with customers in designing and validating assessment and test strategies. Additionally, we conduct security control testing, collect security process data, analyze and report test outputs and conduct and facilitate third-party audits.  CyberProtex can help! ​

CMMC and NIST 800-171
​
Gap Assessments


CERTIFIED CMMC ASSESSORS (CCA)

CyberProtex is a provisional Certified CMMC Assessor (CCA). This means we have a team of engineers that work in an assessor capacity on Level 2 assessments. Our skilled engineers perform an evaluation of the security strengths and weaknesses of your organization to ensure that networks, systems, personnel, and processes are in compliance with CMMC.


​

CMMC and NIST 800-171 Baselining and POAM

CyberProtex benchmarks CMMC controls against standards outlined in CMMC documentation and lean on guidance from the SP 800-171 for specific compliance to controls.  Our security engineers will provide a cyber security roadmap with technical improvements to enhance cyber security posture. This process takes steps to mitigate risks through administrative policies and procedures, as well as technical solutions for CMMC Compliance. CyberProtex will evaluate all NIST SP 800-171 controls including:

AC - Access Control
AU - Audit and Accountability
AT - Awareness and Training
CM - Configuration Management
CP - Contingency Planning
IA - Identification and Authentication
IR - Incident Response
MA - Maintenance
MP - Media Protection
PS - Personnel Security
PE - Physical and Environmental Protection
PL - Planning
PM - Program Management
RA - Risk Assessment
CA - Security Assessment and Authorization
SC - System and Communications Protection
SI - System and Information Integrity
SA - System and Services Acquisition

CyberProtex assesses your compliance and mitigates deficiencies to defend your network and pass your next audit! Our certified engineers will implement solutions  that are CMMC Compliant for your organization

CMMC CERTIFICATION OVERVIEW
​DoD released version 2.0 of the CMMC standards on November 17, 2021. Eventually, when CMMC rulemaking is complete, nearly every company engaged in a DoD contract or subcontract that requires the storage, transmission, or processing of Controlled Unclassified Information (CUI) or Federal Contract Information (FCI) will need to be CMMC certified at one of the three (3) levels of the maturity model.

While the certification process for Organizations Seeking Assessment (OSCs) has not yet commenced, organizations can and should be implementing the CMMC standard directly aligned with NIST SP 800-171 (and NIST SP 800-172 for Level 3 Certifications). Prime contractors should also be developing programs to prepare their subcontractors to whom CMMC level requirements will flow down. The level of required CMMC certification will be specified in each specific contract awarded.

The 110 security requirements included in NIST 800-171 SP 800-171 are part of the CMMC Levels 1-3 certification requirements. Per an interim rule effective November 30, 2020, contractors must have a current (not older than three years) National Institute of Standards and Technology SP 800-171 U.S. Department of Defense Assessment on record. This interim rule allows organizations to close the gap between DFARS and CMMC requirements.

CMMC Level 2 requires a CMMC Third-Party Assessment Organization (C3PAO) to independently assess an OSC to certify conformance to the NIST standard. Once attained, certification for an OSC will last three years.