GAP ASSESSMENT
CMMC
CMMC (Cybersecurity Maturity Model Certification) is a unified standard for cybersecurity across the defense industrial base.
CMMC: Cybersecurity Maturity Model Certification
What is CMMC?
The Department of Defense (DoD) has implemented a new verification method called the Cybersecurity Maturity Model Certification (CMMC). This certification represents the Department’s initial effort to lay out precise cybersecurity standards for contractors. Implementing a suitable degree of cybersecurity throughout the defense industrial base’s supply chain is the CMMC’s ultimate goal (DIB). More than 300,000 businesses make up the DIB supply chain, and they are all accountable for adhering to the CMMC’s guidelines for safeguarding unclassified information (CUI).
Information security is acknowledged by the US DoD as a fundamental prerequisite for the Defense Industrial Base (DIB) supply chain. Consequently, starting in late 2021, the US DoD is committed to creating and mandating a unified cybersecurity standard to identify necessary security practices and controls through the DoD acquisition process. Increased security measures against malicious cyberactivity and the prevention of the loss of Controlled Unclassified Information (CUI) are the goals of the Cybersecurity Maturity Model Certification standard.
Five cybersecurity readiness levels will be defined by CMMC and applied to the DIB supply chain under all US DoD contracts. During the course of the five and a half-year rollout, it is anticipated that over 300,000 DIB contractors will be impacted, with the majority needing a Level 1 through Level 3 certification. By using these standards, DIB contractors will be able to put appropriate cybersecurity procedures into place and make sure they’re as dependable and efficient as possible. Relying Party (RP) and Recovery Point Objective (RPO) parameters are also established by the standards to create authorized information safety procedures.
Connect with us
Help with you
- US DoD Contract Compliance (FAR 52.204-21 & DFARS 252.204-7012)
- Required to Obtain/Renew DoD Contracts
- FCI and CUI Management
- DIB Supply Chain Trust & Integrity
- Cybersecurity Processes and Practices
- Alignment to ISO 27001 Annex A Controls
Steps to Certification
Step 1
Step 2
Step 3
Complete a Quote Request Form so that we can understand your company and requirements. You can do this by completing either the online quick quote or the online formal quote request form. We will use this information to accurately define your scope of assessment and provide you with a proposal for certification.
Once you’ve agreed your proposal, we will contact you to book your assessment with an QAI Assessor. This assessment consists of two mandatory visits that form the Initial Certification Audit. Please note that you must be able to demonstrate that your management system has been fully operational for a minimum of three months and has been subject to a management review and full cycle of internal audits.
Following a successful two stage audit, a certification decision is made and if positive, then certification to the required standard is issued by QAI. You will receive both a hard and soft copy of the certificate. Certification is valid for three years and is maintained through a programme of annual surveillance audits and a three yearly recertification audit.
More Certification
ISO 9001
ISO 9001:2015 is the International Standard for Quality Management Systems.
ISO 14001
ISO 14001:2015 is the International Standard for Environmental Management Systems.
ISO 45001
ISO 45001:2018 is one of the International Standards for Occupational Health and Safety.
ISO 27701
ISO 27701:2019 Secunt Techniques is the Extension ISO/IEC 27001 and ISO/IEC 27002 for Privacy Informationc Management (also Personal Information Management).0101
ISO 22000
ISO 22000:2018 is the International Food Safety standard for businesses within the food chain.