Colin Bowers (President Ramparts) Colin@RampartsSecurity.com
CybersecurityMaturity Model Certification (CMMC) Facts:
CMMC is a DoD Mandate for bidding on DoD Acquisitions (For RFIs and RFPs in 2020).
CMMC will be part of the cost of doing business with the DoD, which can be factored into your bids.
Ramparts is preparing to offer CMMC Auditor Services for all 5 CMMC levels.
CMMC Auditor Service Providers will not be allowed to sell other cybersecurity services.
Ramparts wants to be your CMMC Auditor Service Provider.
Your honest broker and advocate to get your company through the CMMC process.
Ramparts has the expertise and is planning on certifying companies at all 5 CMMC levels.
CMMC will have 5 Levels of certification.
Unlike past certifications, self certifications are being eliminated.
All audits must be done by a 3rd party Certified CMMC Auditor.
DoD RFP bids will have CMMC level requirements in sections L & M.
Your company as a potential DoD contractor will need the appropriate CMMC level certification.
ALL DoD contractors (primes and subcontractors) will be affected by CMMC, no exceptions.
CMMC Technical Practices:
Level 1: Demonstrate Basic Cyber Hygiene Level 2: Demonstrate Intermediate Cyber Hygiene Level 3: Demonstrate Good Cyber Hygiene and effective NIST SP 800-171 Rev 1 cybersecurity Level 4: Demonstrate a substantial and active cybersecurity program Level 5: Proven ability to optimize capabilities to try to repel advanced persistent threats
CMMC Process Maturity: Level 1: No process maturity Level 2: Standard operating procedures, policies, and plans are established for all practices Level 3: Activities are reviewed for adherence to policies, procedures, and resources Level 4: Activities are reviewed for effectiveness and management is informed of any issues Level 5: Activities are standardized across the organization and improvements are shared
The CMMC is still in draft. Ramparts is working with the CMMC Accrediting Body, and can answer your questions concerning current status, impact to your company, and how to prepare.
To discuss what CMMC level is appropriate for your company,