CMMC/CUI Compliance & Accreditation

We are located on the island of Oahu and our team has over 30+ years of experience in IT for the Federal Government at the highest levels of security and over 2 years of specific experience helpin g clients prepare for NIST 800-171 and CMMC Maturity Levels 1 – 3.

We can assist our clients with compliance and accreditation of CMMC/CUI standards as they will become a part of future acquisitions by the Federal Government.

We help you define the scope of the project, interview staff, collect evidence of compliance and provide comprehensive reports that you can supply to an assessor.

We use a hands on approach so that we can be sure to capture all of the nuances of your system and not provide a cookie cutter assessment. We can do a pre-assessment and provide policies/procedures and reports needed to prepare for your Certified CMMC Assessment.

Background:

The Cybersecurity Maturity Model Certification (CMMC) was developed by the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)).

The CMMC standard will be incorporated into the Defense Federal Acquisition Regulation Supplement (DFARS) and become a requirement for contract award. An implementation will be announced soon.

The following links provide a detailed breakdown of the practices required based on CMMC Levels 1 -3:

• Level 1 – 17 Practices (17 NIST SP 800-171 Rev 2 Controls)
• Level 2 – 48 Practices (48 NIST SP 800-171 Rev 2 Controls)
• Level 3 – 45 Practices (45 NIST SP 800-171 Rev 2 Controls)

References:

• CMMC Main Page: https://www.acq.osd.mil/cmmc/index.html
• CMMC FAQs: https://www.acq.osd.mil/cmmc/faq.html
• Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations: https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final
• NIST Special Publication 800-171 Revision 2 [PDF]: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r2.pdf