Complete the form below to read the eBook and get started.
Note: We take your information-security seriously and won’t ever share it with others.
The U.S. is under constant attack from a wide variety of malicious actors: it is estimated that over $60 Billion is lost annually to cyber theft. Much of that loss is via our government contracting community, which threatens not just our economic health, but our national security.
If you do business with the Department of Defense (DoD) it’s time to prepare for the Cybersecurity Maturity Model Certification (CMMC) framework. You WILL need to become certified even if you’re already operating in the DoD supply chain, or if you wish to win new DoD contracts.
CMMC is designed to secure our nation’s Defense Industrial Base (DIB) through a series of controls, processes, and certifications. CMMC transitions the DIB from the current, self-attestation model for cyber compliance to a third-party audit-based accreditation. This new requirement is being integrated into DoD contracts through a revision to DFARS 252.204-7012 and will go into effect in late 2020. Every company that does busines with the DoD, either directly or directly will need to comply with CMMC.
In prior years, DoD contractors could self-attest for DFARS 252.204-7012 compliance when requested by contracting authorities. This request was typically made after the contract was awarded. Now, CMMC will force the compliance requirement BEFORE award, or at award-time. Contractors will be evaluated based upon the implementation of actual technical controls in addition to their documentation and policies. Contracts will NOT be awarded if you are not CMMC compliant.
While many companies are understandably concerned about this potential loss of revenue, a great positive to the new certification will be the elimination of ambiguity. DoD contractors have struggled to understand how the DoD would enforce compliance; CMMC allows contractors to become certified and lean on those third-party assessments to protect them from potential Civil False Claims Act (FCA) actions related to their compliance with DFARS 7012 and NIST 800-171.
While COVID-19 may have slowed the rollout of CMMC slightly, IT professionals should not expect any major delays. Every indication is that CMMC is on pace to be active by the end of 2020.Book MY Cybersecurity review
The CMMC framework includes five levels of security requirements. Each level is a mix of practices and processes that measure both technical activities as well as the maturity of a company’s policies and governance. If you store, process, or transit Controlled Unclassified Information (CUI), you will be required to achieve at least Level 3 compliance.
Microsoft 365 GCC High is the version of Microsoft 365 that is designed specifically for the DIB. It is built on a foundation of security, privacy, and compliance in the Azure Government Cloud. With Microsoft 365 GCC High, contractors can meet the following requirements:
C3 has developed a methodical approach to securing your environment and positioning it for CMMC compliance. Building upon the Microsoft Cloud and GCC High, as well as select complementary services, C3 delivers the technologies necessary to enable the processes required by CMMC. This approach is modular, allowing our clients to pick the services they need to complete their compliance journey. We provide a practical strategy that allows you to implement services incrementally, at your pace, while maintaining capability and security each step of the way.
Preparing for your CMMC audit requires a review of your cybersecurity posture and determining the level of investment required to become compliant. We can help you understand how CMMC works as well as what solutions you need to meet your targeted level of compliance.Book MY Cybersecurity review
Just as contractors have dedicated staff and resources to prepare for ISO, CMMI, and DCMA audits, DoD contractors will need to have adequate technology support for CMMC. The DoD has suggested that businesses will need to dedicate significant staffing resources (greater than or equal to four information security specialists) to cybersecurity compliance and continuous improvement. Unfortunately, the overwhelming majority of government contractors under 1,000 employees do not have the teams in place to support this need or capability. And while some firms could build an internal team, many are choosing to partner with an external firm with the expertise to manage the environment and security process for them.
C3 Integrated Solutions is dedicated to securing our nation's military infrastructure by protecting the cyber resources of the DIB. As a leading provider of Microsoft Government Cloud solutions including Microsoft 365 GCC, GCC High and Azure Government, we specialize in helping clients achieve DFARS 252.204-7012 and NIST 800-171 compliance through a suite of solutions designed to meet these requirements. This positions our clients to be ready for the upcoming Cybersecurity Maturity Model Certification audits later this year. Our approach provides personal service on your terms.
“C3 is awesome! I’m so glad I went with you guys. It can be a bit challenging moving from nothing to the GCC high cloud, but the C3 Team make it understandable and painless. That’s also one of the big reasons I choose to add the DEFEND service – I have zero worries that C3 will implement it correctly and I will understand how to manage it.”
Not all workers are found sitting in an office cube behind a computer. Some employees, such as those that work on the shop floor d...
Over the past few months, Microsoft has been updating how Office 365 deals with spoofing and phishing attacks. While many of th...
Waiting (and Waiting) for CMMC… As the months tick by, a number of our clients have been asking us about CMMC – some, no doub...