CMMC

Cybersecurity Maturity Model Certification (CMMC)

CMMC is a cybersecurity program instituted by the Department of Defense (DoD) that was designed to ensure that there is a minimum level of security in place for DoD contractors’ networks. This minimum level of security is focused around ensuring confidentiality, and specifically the confidentiality of Controlled Unclassified Information (CUI).

Schedule a Free Consultation

Home

The security controls required to be implemented for CMMC are defined within National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.

CMMC will ultimately be required for all contractors doing business with the DoD. This includes prime contractors, subcontractors and their partners – any party that is handling any type of CUI Controlled Defense Information (CDI) or Federal Contact Information (FCI). Contractors will be required to meet one of the three CMMC certification levels, and prove that security controls have been implemented via independent assessors. Ultimately, new contract awards and ongoing contract continuance will require CMMC compliance.

post-text

CMMC defines 3 different levels of compliance depending on the type of information contractors are handling.

Level 3 – Expert

Requires the implementation of 130 controls from NIST 800-171 & NIST 800-172. The expectation is that all processes are highly mature and continually improved. Independent assessment is required for organizations that have a requisite to adhere to CMMC Level 3.

Level 2 – Advanced

Requires implementation of 110 controls from NIST 800-171. The expectation is that organization have mature processes that are in place and are consistently followed. Independent assessment is required for organization that have a requisite to adhere to CMMC Level 2.

Level 1 – Foundational

Includes basic cybersecurity control mechanisms generally suitable for smaller companies. Companies certified at this level are not expected to have mature processes in places. This level requires 17 controls, an annual self-assessment and sign off by executive management.

GAI Cyber is a Registered Provider Organization (RPO) and our team consists of certified Registered Practitioners (RP) that have been accredited by the CMMC-AB (CMMC Accreditation Body). We are certified to provide consultative services for organizations seeking CMMC accreditation and have assisted organizations with NIST 800-171 implementations since 2015. Our team will determine what CMMC compliance requirements apply to your organization – don’t put your government contracts and partners in jeopardy.

CMMC Compliance Solutions Architected From Scratch

CMMC Compliance Consulting Engagements Completed

Client Retention

GAI Compliance Solutions.

Governance, Strategy and Risk

Design. Implement. Execute.

Learn More

Vulnerability Scanning

Identify. Investigate. Remediate.

Learn More

Penetration Testing

Proactively protect your assets and your data.

Learn More

Ready to get started?

GAI Cyber Solutions, LLC is a U.S. based company located in Northern Virginia. We offer a variety of Cybersecurity Services with an emphasis on bringing cybersecurity expertise to the recruitment arena.

We welcome you to contact us for more information about our top-tier compliance solutions. Together we can make a difference in the compliance journey.

Contact to an expert

GAI Cyber Solutions

CMMC

About CMMC

3 levels of compliance

Level 3 – Expert

Level 2 – Advanced

Level 1 – Foundational

Services

Consulting

Why GAI Cyber Solutions

CMMC Compliance Solutions Architected From Scratch

CMMC Compliance Consulting Engagements Completed

Client Retention

GAI Compliance Solutions.

Governance, Strategy and Risk

Vulnerability Scanning

Penetration Testing

Ready to get started?

Let's work together!

CALL: 703-626-8388