NOTICE to All Current or Aspiring Government Contractors
New Compliance Assessment Procedures
The US Department of Defense (DoD) has always required the vetting of all contractors, but with the advancements in cyber-crime and hacking technologies, it has instituted new procedures for all businesses seeking government contracts.
The old model, NIST 800-171, has been replaced by a new program, the Cybersecurity Maturity Model Certification (CMMC). The previous method was SELF-Assessment, but with the new multi-level CMMC, the DoD set the standards, then outsourced the work to 3rd Party organizations, which will now be conducting all assessments and certifications.
Starting in 2021, any business contracting with the DoD will have to have the minimum certification of CMMC Level 3 (there are 5 levels). Contractors can no longer obtain compliances on their own, but only through a certified body.
With the ever-growing sophistication in the world of cyber-crime, and over 300,000 government subcontractors, the DoD is tightening its grip on cybersecurity compliance. These contractors range from the largest corporations to the smallest. Companies the size of a Lockheed Martin will have little or no problem with these new 3rd Party Compliances.
However, smaller businesses that depend on DoD contracts will typically have to revamp their level of IT services. There will be no more ‘casual’ attitudes towards their IT support. We know of a few companies that were having ‘the owner’s nephew’ (or brother, friend, etc.) do their IT on an ‘as needed’ basis. That arrangement will no longer allow access to DoD work. As such, all contractors will need to work with a CMMC Certified IT Company, typically a Managed IT Services firm, to ensure that any government data is secure.
IT Support LA is just such a CMMC Certified IT Company
Working with us not only satisfies that requirement, but we can also guide you through the new processes and help you obtain the compliances you need to continue or begin working as a DoD contractor. As for the actual security compliance for your network, our own security measures are more stringent and iron-clad than what the government requires in many areas of concern.
Aside from our vast menu of ‘Standard’ IT services, we also provide:
- Managed IPS, Firewall, and Security
- CMMC Compliance Assessment
- CMMC Compliance Management
- Policy Development Collaboration
- CMMC Security Implementation Guides
- Security Scans and Analysis
- Advanced Threat Protection
- Intrusion Detection & Response
- Data Breach/Data Loss Prevention
- Disaster Recovery & Restoration
- Forensic Analysis
CMMC Assessment & Compliance Q & A
Q: What do I need to know about CMMC?
A: Quite a few things, but the Top 5 are:
1) The CMMC will apply to ALL DoD contractors, although the program is not fully rolled out yet.
2) You will need a C3PAO (No – not a Star Wars Droid – a CMMC 3rd Party Assessor Organization) to perform your assessment. No C3PAOs have been designated by the CMMC yet.
3) It will be your responsibility to obtain certification through a designated C3PAO.
4) As a responsible business owner, you should already be certifiable for Level 1 – it consists of the most basic Cybersecurity requirements. Check with your IT services department or outsourced IT support provider to be certain you are in compliance.
5) If you are compliant with NIST 800-171 (National Institute of Standards and Technology Special Publication 800-171), you are well on your way to higher CMMC levels of certification, as many requirements are very similar – some areas may need to be updated for full compliance.
Q: What is a CMMC assessment?
A: A CMMC assessment and compliance certification is mandatory for any current or aspiring DoD contractor. Each certification level has its own assessment and compliance criteria for verifying that the Cybersecurity measures put in place by the prospective contractor meet or surpass the requirements put forth by the CMMC.
Q: What does CMMC compliance mean?
A: It means that you have met the criteria for certification at a certain CMMC level. It also means that your IT Support and Services department or vendor is a CMMC Certified IT Support Company. If you have been ‘making do’ with cheap, garden variety IT services, and you want to play in the big government ball game, it’s time to step up to a CMMC Certified Managed Services Provider – it will not only put or keep your company in play, but it will be better for your business overall.
Q: Who needs CMMC compliance?
A: Any company that operates within the DoD supply chain. That means not only the Prime Contractors that engage directly with the DoD, but also the Primes’ subcontractors.
Q: Who certifies cybersecurity maturity model?
A: The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD – A&S) is the ultimate authority, but the certification itself is provided by the C3PAOs approved by the CMMC.
An excellent first step is to assess where your system is NOW
We offer a 100% FREE Network & Security Assessment and Audit. There is no obligation and no strings attached. It is free whether you wish to try out Managed IT Services or not. We perform a non-intrusive scan that will show every vulnerability in your system. We then produce a comprehensive report that is yours to keep – to use as you see fit.
Your comprehensive security report, delivered at the conclusion of the assessment, will include:
- An executive summary
- Overview of the assessment scope and objectives
- Assumptions and limitations of the assessment
- Methods and tools used
- Design of the current environment or systems with applicable diagrams
- Security requirements
- Summary of findings and recommendations
- Assessment results:
- General control review
- Vulnerability test
- Risk assessment, including identified assets, threats, vulnerabilities, impact and likelihood assessment, and the risk results analysis
- Recommended actions
Don’t wait another minute. To get started with your free, no-risk security assessment, please let us know how to get in touch with you. Your information will not be shared with any 3rd parties.
Either fill in the form on this page, or call us at:
818-915-0909