Get Ready for Your Certification
The Cybersecurity Maturity Model Certification (CMMC), introduced by the Department of Defense (DOD) in 2019, requires suppliers and contractors to pass a third-party audit of their cybersecurity readiness or risk losing their ability to compete for and deliver on DOD contracts starting in late 2020.
Dun & Bradstreet has partnered with QOMPLX to create a Pre-Assessment that will walk you through the steps needed to prepare your firm for a CMMC audit.
What is CMMC?
CMMC is the U.S. Department of Defense’s new Cybersecurity Maturity Model Certification. It requires all contractors and suppliers, primes and subs, to establish protocols to protect Controlled Unclassified Information (CUI), Federal Contract Information (FCI), and other data, networks, and systems of the Defense Industrial Base (DIB) sector. Previously, companies could self-certify compliance with the appropriate Defense Federal Acquisition Regulations (DFARs). Now companies must pass an audit conducted by a certified third-party assessment organization (C3PAO).
What are the different CMMC levels?
Level 1: Corresponds with the 17 basic cybersecurity processes that must be performed to protect FCI in NIST SP 800-171 Rev 2 and 48 CFR 52.204-21.
Level 2: Corresponds to 72 cybersecurity requirements, including all 17 Level 1 practices. Focus is on establishing and documenting practices and policies for compliance.
Level 3: Corresponds to 130 cybersecurity processes, including all Level 1 and 2 requirements. The organization must demonstrate the ability to implement 800-171 requirements and manage ongoing policies and processes.
Level 4: Corresponds to 156 cybersecurity practices, including all Level 1, 2 and 3 requirements, which must be reviewed and measured for effectiveness. Adds ability to defend CUI from APT-style attacks. Adds controls from NIST SP 800-171B.
Level 5: Corresponds to 171 cybersecurity processes, including all Level 1, 2, 3 and 4 requirements. Focus is on the protection of CUI from APTs and the increased depth and sophistication of cybersecurity capabilities.
Introducing the CMMC Pre-Assessment
Who should use the Pre-Assessment?
Whether you are going for Level 1 certification (Basic Cyber Hygiene), Level 5 (Advanced/Progressive) or anywhere in between, doing a Pre-Assessment will help your organization identify possible areas of concern and need for improvement. Based on the information and parameters you enter into the Dun & Bradstreet/QOMPLX assessment, you will receive feedback that shows your level of CMMC preparedness. This can help you determine whether to start the certification process for the CMMC level you have set as a goal, or whether to address problem areas and shore up internal processes prior to beginning your assessment.
Our Pre-Assessment is ideal for small to mid-sized companies that don’t have large internal security teams or for organizations that are looking to jump-start the CMMC process and want to assess their baseline certification readiness.