September 26, 2022 Marquis Brand
Home

Cybersecurity Maturity
Model Certification (CMMC)

  • Share
Home

CMMC is a cybersecurity program instituted by the Department of Defense (DoD) that was designed to ensure that there is a minimum level of security in place for DoD contractors’ networks. This minimum level of security is focused around ensuring confidentiality, and specifically the confidentiality of Controlled Unclassified Information (CUI). 

The security controls required to be implemented for CMMC are defined within National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. 

CMMC will ultimately be required for all contractors doing business with the DoD.  This includes prime contractors, subcontractors and their partners – any party that is handling any type of CUI Controlled Defense Information (CDI) or Federal Contact Information (FCI). Contractors will be required to meet one of the three CMMC certification levels, and prove that security controls have been implemented via independent assessors. Ultimately, new contract awards and ongoing contract continuance will require CMMC compliance.  

CMMC defines 3 different levels of compliance depending on the type of information contractors are handling.

Level 1 – Foundational

Includes basic cybersecurity control mechanisms generally suitable for smaller companies. Companies certified at this level are not expected to have mature processes in places. This level requires 17 controls, an annual self-assessment and sign off by executive management.

Level 2 – Advanced

Requires implementation of 110 controls from NIST 800-171. The expectation is that organization have mature processes that are in place and are consistently followed. Independent assessment is required for organization that have a requisite to adhere to CMMC Level 2.

Level 3 – Expert

Requires the implementation of 130 controls from NIST 800-171 & NIST 800-172. The expectation is that all processes are highly mature and continually improved. Independent assessment is required for organizations that have a requisite to adhere to CMMC Level 3.

GAI Cyber is a Registered Provider Organization (RPO) and our team consists of certified Registered Practitioners (RP) that have been accredited by the CMMC-AB (CMMC Accreditation Body).  We are certified to provide consultative services for organizations seeking CMMC accreditation and have assisted organizations with NIST 800-171 implementations since 2015. Our team will determine what CMMC compliance requirements apply to your organization – don’t put your government contracts and partners in jeopardy.  

Contact a Cybersecurity Expert.

Are you ready to start your compliance journey? GAI Cyber is ready to assist with any of your compliance, cybersecurity, and privacy needs.

GAI Compliance Solutions.

Governance, Strategy and Risk

Design. Implement. Execute.

Vulnerability Scanning

Identify. Investigate. Remediate.

Penetration Testing

Proactively protect your assets and your data.

Governance, Strategy and Risk

Design. Implement. Execute.

Vulnerability Scanning

Identify. Investigate. Remediate.

Penetration Testing

Proactively protect your assets and your data.

Vulnerability Scanning

Identify. Investigate. Remediate.

Penetration Testing

Proactively protect your assets and your data.

Cybersecurity Training

Read 5 Minutes

GAI Cyber offers a variety of training courses for certifications and cybersecurity topics. Classes are taught through online delivery format, as well as in person – at one of our training locations or on client site. Contact us for details about training course availability and scheduling.

Ready to get started?

GAI Cyber Solutions, LLC is a U.S. based company located in Northern Virginia. We offer a variety of Cybersecurity Services with an emphasis on bringing cybersecurity expertise to the recruitment arena.

We welcome you to contact us for more information about our top-tier compliance solutions. Together we can make a difference in the compliance journey.

Contact

Let's work together!

We welcome you to contact us for more information about any of our compliance solutions or consulting services.

GAI Cyber Solutions, LLC is a U.S. based company located in Northern Virginia. We offer a variety of Cybersecurity Services with an emphasis on bringing cybersecurity expertise to the recruitment arena.

Mission: GAI strives to provide cost-effective cybersecurity expertise across a multitude of domains to both Federal and Commercial entities.

Vision: To bring cybersecurity services and awareness to organizations regardless of industry, size, and location so they may securely carry out their missions.

CALL: 703-626-8388

Contact