• Home
  • CMMC Preparation
    • Risk Assessment
    • Compliance Assessments
    • General Consulting
    • Policy Review/Development
    • Self Study
    • KATE
  • Contact Us
    • Who Are We
    • Capabilities Statement
    • Home
    • CMMC Preparation
    • Assessments
      • Risk Assessment
      • Compliance Assessments
    • Consulting
      • General Consulting
      • Policy Review/Development
    • Training Courses
      • Self Study
      • KATE
    • Contact Us
    • About Us
      • Who Are We
      • Capabilities Statement
  • Home
  • CMMC Preparation
  • Contact Us
image265

What is CMMC?

The Cybersecurity Maturity Model Certification (CMMC) is the Department of Defense's (DoD) newest verification mechanism designed to ensure that cybersecurity controls and processes adequately protect Controlled Unclassified Information (CUI) that resides on Defense Industrial Base (DIB) systems and networks.

What is CUI?

Controlled Unclassified Information (CUI) is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended


Examples of CUI

  • personally identifiable information such as legal material or health documents,
  • technical drawings and blueprints
  • intellectual property
  • as well as many other types of data 

image266

What does CMMC consist of?

The CMMC consists of 5 Levels of cybersecurity readiness. Theses level range from basic cyber hygiene to advance cyber practices. In total, there are 171 practices that must be met for compliance. 

What actions should DoD contractors take now?

 DoD contractors should immediately learn the CMMC's technical requirements and prepare not only for certification, but long-term cybersecurity agility. Details on how the CMMC assessments will be conducted, and how to challenge those assessments, are anticipated soon. DoD contractors that have already started to evaluate their practices, procedures and gaps when the details are finalized will be well-positioned to navigate the process and meet the mandatory CMMC contract requirements for upcoming projects. 

How our CMMC support works

            Our CMMC preparation services are provided to help you meet the requirements set for by the Department of Defense and CMMC Accreditation Body for the desired certification level. Our offering currently provides consulting up to level CMMC Level 3. Specifically it includes a gap analysis, compliance assessment and policy reviews as applicable. The determination of cost and scope will be based on required level and current security implementation. Other services can be included as required. Additionally, as part of the CMMC preparation we also provide recommendation to help with corrective actions.


Preparation

                                We perform a detailed analysis of your current network and compare it with the cyber security controls required in NIST 800-171. We prepare a System Security Plan (SSP) & Plan-of-Action & Milestones (PO&AM) providing documented evidence to the DoD or your Prime that you’re on your way towards compliance. In this phase we also help create any policies and procedures needed to meet the CMMC requirements.


Remediation

                                In this step, the items called out in the Plan-of-Action & Milestone (PO&AM) are addressed. Depending on the current state of your IT systems, this can be as simple as implementing multi-factor authentication and security awareness training or as complex as refreshing an entire aging infrastructure. 


Follow-Up

                                As part of our guarantee we offer an additional block of hours to be used at the conclusion of the preparation and remediation phases. These hours are used to answered new questions or to ensure changes made after the consulting support your certification success and not hinder it.


Preparation Level Offerings

Level 1

Gap Analysis, preparation of documentation and policies, with up to 20 additional hours of general consulting support after preparation process.

Level 2

Gap Analysis, preparation of documentation and policies, with up to 40 additional hours of general consulting support after preparation process. 

Level 3

Gap Analysis, preparation of documentation and policies, with up to 60 additional hours of general consulting support after preparation process. 

Preparation prices are based on the perceived amount of effort to obtain the desired level. These prices may change based on scope of the project.

Contact us for a free consultation to determine how we can help!

Contact us now

Copyright © 2020 Osics, LLC - All Rights Reserved.

Powered by GoDaddy Website Builder

Cookie Policy

This website uses cookies. By continuing to use this site, you accept our use of cookies.

Accept & Close