“We can give you guidelines, we can give you ‘this is what it might look like, this is what we think you should consider,’ but we can’t give you directions.”
As one of the first Certified Third-Party Assessor Organizations (C3PAOs), and as a defense contractor that is itself subject to CMMC regulations, Coalfire Federal is uniquely qualified to help you effectively plan for, prepare for, and earn your CMMC Certification.
Coalfire Federal:
The Cybersecurity Maturity Model Certification (CMMC) preparation process can seem daunting unless you have an experienced, trusted partner that can support your team and help you become certification-ready. Coalfire Federal has been providing CMMC Advisory Services since early 2020 and has a staff of trained, proficient CMMC experts to help you effectively and accurately prepare for your certification.
Organizations that contract business with the US Department of Defense (DoD) are currently required to implement NIST SP 800-171 best practices. The CMMC, a three-level cybersecurity standards program, will require organizations handling CUI to meet the 110 NIST best practices, and will also require contractors to pass a third-party assessment at Level 2. The DoD projects that additional CMMC Interim Rule contracts will be in place by May 2023.
Coalfire Federal was among the first group of companies to be selected as a CMMC Registered Provider Organization (RPO) and CMMC Third-Party Assessment Organization (C3PAO). Regardless of where you are in your compliance journey, our CMMC advisory and assessment services can help you effectively prepare for your CMMC Certification.
The CMMC aligns the requirements at each level with well-known and widely accepted NIST cybersecurity standards. The Department’s model will significantly improve its supply chain security posture and its acquisition confidence in the DIB. Which of the following categories your organization falls into will dictate the measures and practices you need to put in place and document.
Level 1: Applies to companies that focus on the protection of Federal Contract Information (FCI).
Level 2: Applies to companies handling Controlled Unclassified Information (CUI).
Level 3: Intended for companies that handle CUI on the Department of Defense’s highest priority programs.
The DoD’s three-level certification model will significantly improve supply chain security posture and acquisition confidence in the DIB. Differences reflected in the new CMMC assessment framework include:
A CMMC self-assessment is acceptable only for companies that are required solely to protect the information systems on which FCI is processed, stored, or transmitted. Organizations self-attesting at CMMC Level 1 must complete an annual self-assessment and an annual affirmation by a senior company official.
The CMMC is intended to accommodate a majority of DIB contractors that only handle FCI by eliminating maturity process requirements for CMMC Level 1. CMMC Level 2 is designed to align with NIST SP 800-171 and its 110 security practices while eliminating all CMMC-specific and unique security practices.
Instead of check-the-box compliance, organizations must think more deeply about becoming secure and staying that way. Increased vigilance will likely be necessary to achieve and maintain cyber maturity.
As a C3PAO and a Department of Defense contractor that is itself subject to CMMC requirements, Coalfire Federal is uniquely qualified, and armed with first-hand experience, to help you become CMMC assessment-ready. Our services include:
Assistance in determining the in-scope organizational and system environments.
Evaluation of your organization’s current state of readiness against your targeted CMMC Level.
Support in closing identified cybersecurity gaps and achieving certification-ready status.
Leverage Coalfire Federal’s industry-leading expertise to get ready for CMMC 2.0.