DFARS Compliance Software2021-09-02T13:20:28+00:00

DFARS Compliance Software

Read it Now

Rizkly CMMC Solution Datasheet

Learn more about what you get as part of the Rizkly CMMC solution and why it’s best answer for small and mid-sized defense contractors.

Read it Now
Get eBook

Rizkly CMMC Success eBook

Our CMMC eBook describes CMMC mistakes to avoid, tips to minimize costs and strategies for faster, efficient CMMC success.

Get eBook
Schedule Demo

Request a Rizkly CMMC Demo

Get a demo of Rizkly CMMC or request trial access.  Learn more about our starter packages and working with a Rizkly compliance expert.

Schedule Demo

Over the next few years, the Department of Defense will phase-in a new set of cybersecurity standards for doing business with the department: The Cybersecurity Maturity Model Certification (CMMC). Former Acting Secretary of Defense Patrick Shanahan said that the intention of CMMC is to standardize cybersecurity requirements, and raise cybersecurity to be “the fourth critical measurement” of contractors’ proposals next to quality, cost, and schedule. The establishment of the CMMC means that contractors will need to redouble their efforts, and verify, beyond trust, that their (and any subcontractors’) cybersecurity efforts conform with new policy. Key CMMC tenets and points include:

The Five Levels of CMMC Certification

  • Level 1“Basic Cyber Hygiene”
    – 17 NIST 800-171 Rev 1 controls 
  • Level 2“Intermediate Cyber Hygiene”
    – 46 NIST 800-171 Rev 1 controls
  • Level 3“Good Cyber Hygiene”
    – Final 47 NIST 800-171 Rev 1 controls
  • Level 4“Proactive”
    – 26 NIST 800-171 Rev B controls
  • Level 5“Advanced / Progressive”
    – Final 4 NIST 800-171 Rev B controls

Best CMMC Compliance Solution

In conforming to standards, companies may consider working with IT consultants to ensure compliance. Rizkly offers a lower, controlled cost and guided compliance service to simplify your CMMC compliance efforts. Rizkly compliance advisors are highly experienced in helping SMBs achieve compliance with cyber security frameworks such as NIST 800-171, GDPR/CCPA Data Privacy, and SOC2.  Rizkly, powerful cloud SaaS application and expert advisory combined, enables you to address the important dynamics associated of CMMC:

  • CMMC combines various cybersecurity standards and best practices and maps these controls and processes across several maturity levels that range from basic cyber hygiene to advanced

  • Certification at one of the five CMMC levels required by a DoD project will be appear in RFP L&M sections, becoming a “bid/no bid” decision point

  • Certification will be performed by accredited third party, private sector assessors

  • All DoD contractors (prime and subcontractors) have to achieve Level 1 certification at a minimum

  • No POAMs allowed. If you cannot adequately address a practice for a given level,  you will not certify at that level.

CMMC with Rizkly

The establishment of CMMC indicates DoD’s increasing focus on contractor cyber security. Partnering with Rizkly provides you with a expert advisor that defines and prioritizes compliance tasks along and a powerful compliance software application so you can demonstrate compliance at a reasonable price.

  • CMMC Compliance Software:  A collaborative cloud application providing access to all CMMC 1.0 (and NIST 800-171) requirements for levels 1 thru 5.  You  manage control ownership, tasks, evidence collection, policies, procedures and implementation status.  Learn more about Rizkly features here.

  • CMMC Compliance Advisory: Assistance with compliance tasks through checklists and suggestions tailored to your project. Streamline collaboration between team members and consultants through multiple channels of communication: chat, email, phone

  • Tasking and Tracking: Assign ownership and access compliance status with a few clicks. Users receive alerts when it’s time to review controls or attach evidence

  • CMMC Compliance Audit Documentation: One-click creation of audit-ready documentation such as System Security Plans (SSP) and Incident Response Plans  (IRP) reduces the time and effort needed to create, review, and maintain compliance documents, letting you focus on implementing security, rather than documenting it

  • Third-Party Assessor Access: streamline CMMC assessment and certification efforts with secure 3rd-party auditor access to appropriate information in Rizkly.  Learn more about all of the features that make Rizkly the perfect CMMC solution here.

Demonstrate your company’s CMMC compliance status with Rizkly.

Need More Information?

    CMMC Learning Resources 

    Questions about 800-171, CMMC and where you stand?  

    Schedule a call to discuss your needs and demonstrate why Rizkly’s combination of app and expert is the right model for most companies. 

    Schedule a CMMC Planning Discussion

    Under 50 employees?  Register for our CMMC Starter package.   

    Specially priced for small businesses that need to address 800-171 and SPRS scoring now and CMMC later.  

    Sign up for the Rizkly Starter Package

    Register for NIST and CMMC Updates

      Do you perform system remediation work?2022-05-19T02:00:44+00:00

      Rizkly experts will advise, guide and review hardware and software technology changes to ensure that they address specific compliance controls but we do not perform the actual implementation work.  Over the years, we have a developed a trusted ecosystem of partners who offer effective and affordable solutions to expedite remediation of security and compliance gaps.  We will gladly refer you to appropriate partners if and when the need arises.   Creating policies,  procedures and other artifacts are also a key part of compliance remediation efforts and these are activities that our advisors do perform using powerful Rizkly features for policies and procedures.

      A description of the services that Rizkly expert advisors provide?2022-05-19T01:37:42+00:00

      Rizkly cybersecurity compliance advisors will work with you through the entire lifecycle of your compliance initiative.  We will scale up/down depending on specific need, and we co-create our involvement in the early stages of the project.  Typical project activities include:

      • Gain an understanding of your business, your clients, your system(s), and your anticipated compliance requirements
      • Educate your team members on compliance requirements, how to leverage the Rizkly app and what will be expected throughout the effort 
      • Develop the system ‘boundary’, and what will be in scope for compliance purposes
      • Draft a system architecture diagram that clearly depicts the system boundary
      • Review existing documentation and work with your team members to understand system and process specifics
      • Perform a high level gap assessment to determine what controls are in place and operating effectively, and where there are gaps
      • For each gap determine a detailed plan of action to remediate
      • Collaborate as needed with personnel (staff and/or your vendors) during remediation. 
      • Provide advisory support, develop documentation, design controls, review evidence, audit prep, etc.
      • Ensure that all artifacts and control implementation statements are effectively captured in Rizkly
      • Educate your team on how to leverage Rizkly to generate audit-ready documentation such as SSPs, POAM reports and SPRS scoring
      • Post-remediation ensure that all controls are in place and operating effectively

      Title

      Go to Top