Cybersecurity Maturity Model Certification (CMMC)
Why Choose Logical Security Services?
- Significant experience both implementing and auditing security controls required under CMMC.
- Direct experience implementing NIST 800-171 controls as a government contractor.
- Formalized process for assisting companies in their CMMC compliance effort.
- Strong relationships with service and security tool providers.
Why CMMC Was Developed
The Department of Defense (DoD) is supported by over 300,000 companies that collectively make up the defense industrial base (DIB). In supporting the DoD, many of these companies collect, process, and store sensitive government information (Controlled Unclassified Information, CUI) on their company networks. This information is constantly targeted by adversaries of the United States and, as a result, must be adequately protected from unauthorized disclosure.
Currently, the DoD requires companies to self-certify that they are complying with security requirements outlined in their contracts with the government. These requirements largely consist of security controls identified in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Revision 2, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.
While companies have been self-certifying, several significant compromises have shown that companies are not adequately protecting this sensitive information. Under the existing model, companies often claim they are compliant even though a significant number of their controls have not been implemented. These controls are often listed in a Plan of Action and Milestones (POA&M) with some future date identified for implementation.
To address this issue, the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) developed the Cybersecurity Maturity Model Certification (CMMC). CMMC will require companies that want to do business with the DoD to first obtain independent certification that their controls are in place and operating as intended. These independent assessments will be performed by Certified Third-Party Assessor Organizations (C3PAO).
How Logical Security Services Can Help with Your Compliance Effort
Implementing the cybersecurity controls required under CMMC can be a complex and time-consuming effort. Organizations need a firm understanding of their business, and a clear plan on how security controls will be effectively and efficiently implemented to adequately protect whatever government data they are collecting, processing, or storing. There are a significant number of things companies should consider before designing and implementing required security controls.
Logical Security Services is uniquely positioned to help companies meet these challenges. Our over 20 years of experience in the federal government has given us a detailed understanding of the NIST controls companies are required to implement. Our experience with these controls has included both assisting agencies with their implementation and independent verification that the controls are in place and operating effectively. Further, having worked as a government contractor supporting the DoD, our founder George Bills has direct experience with the issues and challenges of implementing the NIST controls in a commercial business. This experience has been used to develop a formal methodology that Logical Security Services applies when assisting companies with their CMMC needs.
For more information on how Logical Security Services can assist you with your CMMC compliance needs, contact us for a free consultation.