Click to call
Protect The Mission (703) 760-3801
Contact Us
Contact Us
  • Home
  • Resources
  • CMMC Advisory Services

    • Coalfire Federal CMMC Advisory Services

    Solution Sheet

    Your Trusted CMMC Partner

    As one of the first Certified Third-Party Assessor Organizations (C3PAOs) and as a defense contractor also subject to CMMC regulations, Coalfire Federal is uniquely qualified to help you effectively plan, prepare for, and earn you CMMC Certification. 

    Coalfire Federal:

    • is one of the first C3PAOs, with first-hand experience of the assessment process.
    • has been conducting CMMC analysis since 2020.
    • understands cloud services and their role in CMMC.
    • delivers accurate, verifiable results that are on-time and within budget.
     
     

    The Cybersecurity Maturity Model Certification (CMMC) preparation process can seem
    daunting unless you have an experienced, trusted partner that can support your team and
    help you become certification-ready. Coalfire Federal has been providing CMMC Advisory
    Services since early 2020 and has a staff of trained, proficient CMMC experts to help you
    effectively and accurately prepare for your certification.

    CMMC Requirements

    Organizations that contract business with the US Department of Defense (DoD) are currently required to
    implement NIST SP 800-171 best practices. The CMMC, a three-level cybersecurity standards program, will mandate organizations handling CUI to meet the 110 NIST best practices, while also requiring contractors to pass a third-party assessment at Level 2. The DoD projects additional CMMC Interim Rule contracts will be in place by May 2023.

    How Coalfire Federal Can Help

    Coalfire Federal was among the first group of companies to be selected as a CMMC Registered Provider Organization (RPO) and CMMC Third-Party Assessment Organization (C3PAO). Regardless of where you are in your compliance journey, our CMMC advisory and assessment services can help you effectively prepare for your CMMC Certification.

    “We can give you guidelines, we can give you ‘this is what it might look like, this is what we think you should consider,’ but we can’t give you directions.”

    Stacy Bostjanick
    Office of the DoD, Chief Information Officer

    CMMC 2.0 – How It’s Going to Work

    The CMMC aligns the requirements at each level with well-known and widely accepted NIST cybersecurity standards. The Department’s model will significantly improve its supply chain security posture and acquisition confidence in the DIB. Where your organization falls into one of these categories will dictate what measures and practices you will need to put in place and document.

    Level 1 – Foundational

    Applies to companies that focus on the protection of Federal Contract Information (FCI).

    Level 2 – Advanced

    Applies to companies handling Controlled Unclassified Information (CUI).

    Level 3 – Expert

    Intended for companies that collaborate with CUI on the Department of Defense’s highest priority programs.

    Toward a More Secure DoD Supply Chain

    The DoD’s three-level certification model will significantly improve supply chain security posture and
    acquisition confidence in the DIB. Differences reflected in the new CMMC assessment framework include:

    Self-Assessments:

    A CMMC self-assessment is acceptable solely for those companies that are only required to protect the information systems on which FCI is processed, stored or transmitted. Organizations conducting self-attestations for CMMC Level 1 will require an annual self-assessment and an annual affirmation by a senior company official.

    Security Practice Alignment:

    The CMMC is intended to accommodate a majority of DIB contractors that only handle FCI by eliminating maturity process requirements for CMMC Level 1. CMMC Level 2 is designed to align with NIST SP 800-171 and its 110 security practices while eliminating all CMMC-specific and unique security practices.

    Increased Vigilance:

    Instead of check-the-box compliance, organizations must think more in depth about becoming secure and staying that way. Increased vigilance will likely be necessary to achieve and maintain cyber maturity.

    Coalfire Federal is Ready to Help You Become Certification-Ready for CMMC

    As a C3PAO and a Department of Defense contractor also subject to CMMC requirements, Coalfire Federal is uniquely qualified, and armed with first-hand experience, to help you become CMMC assessment-ready. Our services include:

    CMMC CUI Boundary Analysis

    To assist in the determination of in-scope organizational and system environments.

    CMMC Gap Analysis

    To evaluate your organization’s current state of readiness against your targeted CMMC Level.

    CMMC Remediation Support

    To close identified cybersecurity gaps and achieve certification- ready status.

     

    Leverage Coalfire Federal’s industry-leading expertise to get ready for CMMC 2.0. Learn more https://coalfirefederal.com/cmmc/advisory/

    Copyright © 2023 Coalfire Federal. All rights reserved.

     
    Download PDF Version

    Related resources

    The Cybersecurity Maturity Model Certification (CMMC) Journey
    Read More
    CMMC – The Smoke is Clearing
    Read More
    Coalfire Extends Security of Amazon Web Services (AWS)
    Read More