The Cybersecurity Maturity Model Certification (CMMC) is a regulation issued by the US Department of Defense (DoD) to improve the cybersecurity of the defense industrial base (DIB). By the end of 2021, CMMC compliance will be mandatory for fifteen identified contracts as part of the pilot program. Each subsequent year, additional contracts will require CMMC compliance until 2025, at which time all defense contracts will require CMMC compliance. The CMMC model includes five different levels based on the size of an organization, the service(s) provided, and the nature of handling controlled unclassified information (CUI).
CMMC differs from past regulations because it requires a third-party attestation of compliance for certification. Organizations that do not meet the standards for achieving a specific CMMC compliance level will need to close the gaps and complete a compliance audit prior to participating (as a prime or subcontractor) in defense contracts.
CMMC Compliance the MorganFranklin Way
The DoD’s aggressive CMMC compliance targets indicate that companies should begin working toward CMMC compliance today. The first step is undertaking a CMMC Readiness Assessment and Gap Analysis.
MorganFranklin offers a three-stage process for companies looking to identify and close their CMMC compliance gaps:
1. Planning and Discovery: MorganFranklin advisors help develop a project plan and critical milestones for the readiness assessment. This includes identifying and working with key stakeholders, reviewing documentation, and defining the scope based on the organization’s environment and target CMMC level.
2. Readiness Assessment and Gap Analysis: We identify the organization’s current level of security maturity and CMMC compliance via interviews and workshops, policy reviews, and sample-based inspections of security controls. Based on this information, a CMMC Maturity Inspection Report, gap analysis, and a list of “quick win” recommendations for improvement are produced.
3. Strategy and Roadmap: After identifying the organization’s target CMMC level and current state, a CMMC strategy and roadmap are developed to guide the company and prepare for its CMMC compliance audit. MorganFranklin advisors present the results of the assessment and engage in discussions to clarify items.
Achieving CMMC Compliance with MorganFranklin
MorganFranklin is certified to help companies prepare for CMMC compliance and carry out CMMC Readiness Assessments. Additionally, we offer a range of services that help organizations close gaps in security controls, policies, and procedures.
MorganFranklin is committed to the long-term security and success of our clients. Whether we deliver advisory and hands-on support to help to achieve CMMC compliance, maintain compliance and/or develop and sustain a mature cybersecurity program, we are with you all the way.
Explore our full CMMC capabilities here.
