Are you ready for CMMC?

Whether you are manufacturer, or a service provider, you may be subject to the new Department of Defense cybersecurity requirement for the US Defense Industrial Base: Cybersecurity Maturity Model Certification (CMMC) will be mandatory for any organization that supports the DoD or its supply-chain. As a Registered Provider Organization, we help you prepare for the certification.

CMMC in a Nutshell

The Department of Defense supply-chain is exposed to cybersecurity crime and theft. To remedy the short-comings, the DoD supply-chain has to adopt demonstrable cybersecurity standards encapsulated by CMMC. Those standards are broken to three levels, L1, L2 and L3.

Who is CMMC for? All Department of Defense Contractors, Subcontractors and Entities that Support the Primes

Manufacturers

Manufacturing firms working with the DoD, a Prime or Prime Contractor. Firms holding CUI, Federal Contract Information (FCI) or Controlled Defense Information (CDI) will require CMMC Level 2 certification.

Software Engineers

Software development firms support the DoD as well its Prime contractors. In doing so, they may hold Controlled Unclassified Information (CUI) and will thus be required to meet CMMC Level 2 certification.

Service Providers

Service providers such food services, lawn mowing companies, cleaning crew, and more can frequently handle Controlled Unclassified Information. As a result they are required to implement NIST 800-171 and prepare for a CMMC audit.

Commerical Off the Shelf - COTS

Many defense contractors provide commercial off the shelf goods to the Department of Defense. These firms are likely to be excluded from CMMC Level 2 requirement, but will still have to implement CMMC Level 1.

CMMC Preparation - A Mountain we Help you Climb

CMMC is a technically advance cybersecurity assessment and requires care and due diligence. As a certified Registered Practitioner Organization, Ace of Cloud assists companies of all size prepare for the Cybersecurity Maturity Model Certification (CMMC). AOC has extensive experience assessing compliance and meeting with the underlying regulatory and cyber security frameworks that make up CMMC, having conducted thousands of assessments based on the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, 800-53, ISO 27001/270022 and many others.

CMMC Preparation: Step 1

AOC will assess your current state of compliance via policies, procedures and system security plans

Things to Know

SPRS Score Submission to the DoD are Due Now

The DoD requires Prime Contractors and their Subcontractors to submit their Supplier Performance Risk System (SPRS) scores. Have you submitted yours? Incorrect information on your score can potential lead to legal liabilities. Work with us to submit your determine and submit your SPRS score.

GAP Assessment - Develop and Understand

How's your current level of CMMC preparedness compared to the required standard? If you were audited today, what would the auditors find? This is the purpose of a GAP Assessment. Our in-house GAP Assessment tool makes it easy to benchmark your current status and chart a course for full compliance.

NIST 800-171 and CMMC Level 2

CMMC Level 2 requires the same controls as listed in NIST 800-171. This is good news for contractors who are already on their journey for full CMMC compliance.

Get in Touch

Schedule a Risk-Free Consultation with our team and start the compliance process.