All Covered continues to track the latest updates and changes to the Cybersecurity Maturity Model Certification (CMMC) program. In case you missed it, the Department of Defense (DoD) has announced its suspension of the current CMMC 1.0 program and has moved the timeline for the new CMMC 2.0 requirements to after the Defense Federal Acquisition Regulation Supplement (DFARS) rulemaking.
The enhanced CMMC 2.0 model holds companies accountable for implementing cybersecurity standards while minimizing barriers to compliance with DoD requirements. Significant changes have been made in an effort to streamline the certification process. As an accredited Registered Provider Organization (RPO), All Covered has Registered Practitioners, CMMC Certified Professionals and CMMC Certified Assessors who work under our designation as an RPO. Our capabilities are unparalleled even with C3PAOs, as we are not governed by the same restrictions and have a lot of the same information.
Previous attempts by the DoD to secure its information using the Federal Acquisition Regulation (FAR) and the Defense Federal Acquisition Regulation Supplement (DFARS) proved insufficient over time. The DoD is requiring all Defense Supply Chain companies, except COTS providers, to comply by adding to its previous contract clauses FAR 52.204-25 & DFARS 252.204-7012. New enhanced DFARS rules are being implemented through the end of the year, first to ensure that NIST SP 800-171 companies have completed their self-assessment and reporting requirements using SPRS, and second to allow third-party auditing of the basic implementation, along with the introduction of CMMC with third-party assessments on certain contracts.
All Covered adheres to the following process to get Organizations Seeking Compliance (OSC) started on their journey. First, our goal is to perform a Practice/Control gap assessment against the Standard (CMMC L1 – 5, NIST SP 800-171, etc.). Next, we create a NIST 800-18 conforming System Security Plan (SSP) and Plan of Action & Milestone (POAM). We then consult with the organization to remediate and fill all gaps found in the POAM to ensure a score of 110 on NIST SP 800-171 assessments, and also remediate any gaps for full conformance with CMMC. We observe conformance over a 3 to 6 month period to ensure habitual and persistent behavior. Then we work with the OSC to identify artifacts that provide objective evidence of conformance. Lastly, we will introduce you to a C3PAO for your CMMC Assessment.