How CyberOne can help you build your SSP
If your organization works as a defense contractor, it must assure that it has done its due diligence to comply with all applicable NIST, DFARS, and CMMC compliance requirements.
CyberOne can help by automating documentation collection for CMMC compliance (and multiple other frameworks) through integration or automated notifications and our best-in-class portal.
CyberOne supports global compliance frameworks and security requirements, including FedRAMP, NIST, ISO, COSO, CIS, and more — and provides cross-references to existing documentation you may already have in place to support CMMC mapping.
CyberOne simplifies the self-assessment process by delivering a single, central dashboard to help you visualize your compliance stance, across all applicable frameworks; identifying the gaps in your cybersecurity program, and telling you how to fill them.
CyberOne doesn’t pay for marketing. Our clients do it for us.
Automated compliance and risk management from a single source of truth.
See it here today
Get CMMC Level 1 Certification guaranteed for $5,000
Breaking news! New Department of Defense contractor cybersecurity standards appeared into a government-wide federal contract. This is before language around the new program has officially landed in defense contracts. The Cybersecurity Maturity Model Certification (CMMC) was included in the General Services Administration’s $50 billion STARS III contract, posted earlier this week.
CMMC is the new cybersecurity certification standards to be implemented into all DOD contracts over the next five years. All contractors require a minimum of Level 1 certification.
Contact CyberOne for more information on CMMC and Certification options
CyberOne is pleased to provide you with some resources below to help you prepare for and implement CMMC Certification.
CMMC Funding Support for DIBs
CMMC Certification Levels 1-5 explained
CMMC Certification: Where and When to Start
Fedscoop – resource for articles and updates on CMMC, including funding sources, certification steps, and general information.
SmallGoveCon – Legal news for small government contractors
CMMC Main Oversight Body – The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD) provides regular
CMMC Accreditation Body National Conversation Series. These recorded presentations led by the CMMC Advisory Board
(NDISAC) The National Defense Information Sharing and Analysis Center – For information on CMMC implementation at all levels
(DIBSCC) The defense Industrial Base Sector Coordinating Council
National Contract Management Association: NCMA
(NIST) National Institute for Standards and Technology
Undoubtedly, as a DoD or government contractor, you’re beginning to hear more and more about CMMC Certification. CMMC currently only applies to DoD contractors. The broader security community, however, believes CMMC is the wave of the future and likely to be replicated across multiple Federal Agencies in the not so distant future.
If you are in the SMB category, like so many of us, and holding a Federal contract, either directly or through a Prime, you are likely wondering what your next steps should be? Most importantly, you want to know how much it is going to cost and now and in the future. The first set of good news is that most of us only need achieve Level 1 certification. Certification at this level can be achieved for less than $10,000.
That number may still be a heavy lift for some, particularly in light of our uncertain economy and, of course, COVID. More good news! For companies needing to boost their cybersecurity efforts in response to CMMC, there’s hope. The SBA and DOD have tried to provide assistance, where possible, to small business federal contractors. Your local Procurement Technical Assistance Center might have resources available, too.
If you are a manufacturer, there may also be grants available through MEP’s (Manufacturing Extension Partnership Centers) run through the National Institute of Science and Technology (NIST).
Finally, the DOD has announced that cybersecurity costs will be an “allowable cost” under DOD contracts, which could allow small business prime contractors the chance to recover some of the associated compliance costs.
Unfortunately, there are still a lot of “if’s” “but’s” and maybe’s” when it comes to funding and costs for CMMC. You’re best bet then is to find a company that guarantees certification for the lowest price possible.
Interested in CyberOne Certification? Contact us at: firstname.lastname@example.org or find us here.
Here is what our customers say on Capterra
The CMMC model ensures that DoD Contractors meet the specific certification-level cybersecurity requirements for the data they are handling. There are five CMMC Certification levels, but this in itself is misleading. An estimated 75% of vendors will only need Level One Certification. 25% will need Level Two or Three, and only a small 5% will need Level Four or Five.
Which level is right for you? We explain each of the five levels below. You can also click here to jumpstart your certification process.
Level 1. “Basic Hygiene”
Level 1 covers 17 CMMC model requirements and those set forth in 48 CFR 52.204-21. Contractors looking to achieve a Level 1 status need to have basic cybersecurity controls in place. These include basic Asset Management, Authentication, and Access Controls, or, frequent passwords changes, unique user accounts, and anti-virus software, Organizations in this category are more likely to deal with Federal Contract Information (FCI) rather than handling CUI. There is no requirement for a process maturity rating at this level, however, it’s something to consider.
Level 2. “Cyber Hygiene”
Level 2 is a transitional step to Level 3 and brings forward the need to implement Nist SP 800-171. This is due to an expanded scope from protecting FCI to protecting CUI. If you are already implementing Nist SP 800-171, then we recommend that you look for a solution to map your existing controls to CMMC and jumpstart your certification.
Level 3. “Good Cyber Hygiene”
Organizations seeking to gain Level 3 certification must demonstrate that they have implemented effective security controls and that they have the ability to protect CUI. This includes compliance with all security requirements of NIST 800-171 and DFARS Clause 252.204.7012. Effectively, Level 3 is demonstrated implementation of all Level One and Two policies and procedures. Demonstrating implementation requires continuous control monitoring. Your spreadsheet is not your friend here!
Level 4. “Proactive”
Level 4 covers pro-active measures to safeguard CUI from Advanced Persistent Threats. These are mostly nation-state sponsored threat actors who are highly dangerous to the nation’s security, often referred to as APTs. Certification at this level requires compliance with 110 NIST 800-171 Requirements plus 46 other practices across all 17 domains of the CMMC model.
Level 5. “Progressive”
Level 5 is “optimization”. Certification automatically implies that the contractor meets all criteria set by the CMMC including all requirements at Levels 1-4. Organizations must have an advanced or progressive cybersecurity program in place.
For more information on how to get CMMC certified, email us at: email@example.com or find us here.
Read what our clients say about us on Capterra