The Cybersecurity Maturity Model Certification (CMMC) program, announced by the Department of Defense (DoD) in 2019, applies to Defense Industrial Base (DIB) contractors and subcontractors that do business within the DoD supply chain.
CMMC aims to protect the security and resiliency of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) and to establish a foundation for an adequate security posture. Without CMMC certification, an organization cannot win or renew the affected contracts.
As an MSSP and Registered Provider Organization, ProArch has performed a wide range of consultative services around DFARS and CMMC.
Our Registered Practitioners never let a client go into an audit without knowing they will pass the audit.
Who is affected?
Organizations that are part of the DoD supply chain fall under CMMC obligations even if they are several steps removed from the DoD itself, because the requirements “flow down” from prime contractors to their subcontractors, to those subcontractors' subcontractors, and so on.
- Any organization that handles Federal Contract Information (FCI) will be required to be certified at CMMC Level 1 or higher.
- Any organization that handles CUI, Covered Defense Information (CDI), or International Traffic in Arms Regulations (ITAR) data will be required to be certified at a minimum of CMMC Level 3 under the CMMC 1.0 model described here (the later CMMC 2.0 model maps CUI to its Level 2, which aligns with the 110 controls of NIST SP 800-171).
- Any organization performing a contract that references the flow-down requirements of DFARS 252.204-7012 also falls under these obligations.
ProArch CMMC Compliance and Security Services
ProArch’s team of CMMC Registered Practitioners can guide your organization through the full journey to achieving CMMC certification.
ProArch’s Security Consultants will walk you through each of the CMMC control requirements, capture what you have in place to satisfy the obligations, and build a roadmap to meet your compliance objectives.
Security Control Implementation
Documenting policies and procedures specific to CMMC and to your organization is challenging. Our Security Team is skilled in technical and compliance documentation, honed over years of work on our clients' behalf.
Compliance Maintenance Managed Services
Compliance requirements change, remediation is never one-and-done, and recertification requires ongoing effort. ProArch's compliance managed services help you track changes, adjust your controls, stay informed, and report on your status so that you maintain CMMC compliance between assessments.
Managed Detection and Response (MDR) Services
Continuous monitoring of critical assets for indicators of compromise is no longer optional. ProArch's MDR service, which includes 24x7 SOC monitoring, gives you visibility into attempts by malicious actors to breach and exploit your systems.
Virtual Chief Information Security Officer (vCISO)
A vCISO drives progress across the full engagement, from meeting compliance requirements to implementing additional security controls.
Incident Response Planning
CMMC requires a documented incident response plan that serves as a playbook for detecting, responding to, and recovering from a security incident. At the levels that incorporate NIST SP 800-171, this corresponds to the Incident Response (IR) practices: establishing an incident-handling capability, tracking, documenting, and reporting incidents, and testing the response capability. Having cyber insurance is not a substitute for an incident response plan.
Our mantra is to “never let a client go into an audit without knowing they will pass the audit.”
ProArch’s CMMC consulting services will help you prepare for the CMMC certification audit by:
- identifying gaps in your cybersecurity controls
- building a remediation plan that aligns with your budget
- developing policies and procedures that demonstrate your compliance with CMMC requirements
Contracts will be tagged with a required CMMC maturity level starting in 2021
Lack of CMMC certification will prevent new contract wins and renewals
Subcontractors must adhere to “flow down” requirements