DoD CMMC Compliance

Over the next two years, the Department of Defense will phase-in a new set of cybersecurity standards for doing business with the department: The Cybersecurity Maturity Model Certification (CMMC). Former Acting Secretary of Defense Patrick Shanahan said that the intention of CMMC is to standardize cybersecurity requirements, and raise cybersecurity to be “the fourth critical measurement” of contractors’ proposals next to quality, cost, and schedule. The establishment of the CMMC means that contractors will need to redouble their efforts, and verify, beyond trust, that their (and any subcontractors’) cybersecurity efforts conform with new policy. Key CMMC tenets and points include:

The Five Levels of CMMC Certification

  • Level 1“Basic Cyber Hygiene”
    – 17 NIST 800-171 Rev 1 controls 
  • Level 2“Intermediate Cyber Hygiene”
    – 46 NIST 800-171 Rev 1 controls
  • Level 3“Good Cyber Hygiene”
    – Final 47 NIST 800-171 Rev 1 controls
  • Level 4“Proactive”
    – 26 NIST 800-171 Rev B controls
  • Level 5“Advanced / Progressive”
    – Final 4 NIST 800-171 Rev B controls

Best CMMC Compliance Solution

In conforming to standards, companies may consider working with IT consultants to ensure compliance. Rizkly offers a lower, controlled cost and guided compliance service to simplify your CMMC compliance efforts. Rizkly compliance advisors are highly experienced in helping SMBs achieve compliance with cyber security frameworks such as NIST 800-171, GDPR/CCPA Data Privacy, and SOC2.  Rizkly, powerful cloud SaaS application and expert advisory combined, enables you to address the important dynamics associated of CMMC:

  • CMMC combines various cybersecurity standards and best practices and maps these controls and processes across several maturity levels that range from basic cyber hygiene to advanced

  • Certification at one of the five CMMC levels required by a DoD project will be appear in RFP L&M sections, becoming a “bid/no bid” decision point

  • Certification will be performed by accredited third party, private sector assessors

  • All DoD contractors (prime and subcontractors) have to achieve Level 1 certification at a minimum

  • No POAMs allowed. If you cannot adequately address a practice for a given level,  you will not certify at that level.

CMMC with Rizkly

The establishment of CMMC indicates DoD’s increasing focus on contractor cyber security. Partnering with Rizkly provides you with a virtual Compliance Officer and a powerful software application so you can demonstrate compliance at a reasonable price.

  • CMMC Compliance Software:  A collaborative cloud application providing access to all CMMC 1.0 (and NIST 800-171) requirements for levels 1 thru 5.  You  manage control ownership, tasks, evidence collection, policies, procedures and implementation status.  Learn more about Rizkly features here.

  • CMMC Compliance Advisory: Assistance with compliance tasks through checklists and suggestions tailored to your project. Streamline collaboration between team members and consultants through multiple channels of communication: chat, email, phone

  • Tasking and Tracking: Assign ownership and access compliance status with a few clicks. Users receive alerts when it’s time to review controls or attach evidence

  • CMMC Compliance Audit Documentation: One-click creation of audit-ready documentation such as System Security Plans (SSP) and Incident Response Plans  (IRP) reduces the time and effort needed to create, review, and maintain compliance documents, letting you focus on implementing security, rather than documenting it

  • Third-Party Assessor Access: streamline CMMC assessment and certification efforts with secure 3rd-party auditor access to appropriate information in Rizkly.  Learn more about all of the features that make Rizkly the perfect CMMC solution here.

Demonstrate your company’s CMMC compliance status with Rizkly.

Need More Information?

CMMC Learning Resources 

Questions about CMMC and where you stand?  

We will pick up the phone and give you a call to discuss your needs. 

Schedule a CMMC Planning Discussion

Register for NIST and CMMC Updates