Cybersecurity Maturity Model Certification (CMMC)
Starting in fall of 2020 DoD Requests for Information (RFI) and Requests for Proposal (RFP) will include requirements for suppliers to be CMMC certified in order to qualify for the contract. Although the CMMC assessment ecosystem is still under development, it is time to prepare for CMMC certification so that your organization can continue to qualify for and win DoD contracts.
CMMC assessments must be conducted by Certified Third-Party Assessment Organizations (C3PAO) that have partnered with the CMMC Accreditation Body (CMMC-AB) to provide assessment services. The CMMC assessment ecosystem is still under development, but Aeris Secure has submitted its application for C3PAO status.
A CMMC gap assessment provides a review of your organization's current state of compliance with the CMMC Standard. We provide our expertise and experience as an information security auditing and consultancy company to analyze your existing administrative, technical, and physical security controls for alignment with the CMMC controls. The goal of the gap assessment is to determine how you are addressing each CMMC requirement for your required level and establish a remediation plan for becoming compliant.
Gap assessment activities include:
- Review existing information security policies and procedures
- Conduct interviews and discussions with relevant personnel
- Analyze processes and technologies for CMMC compliance
- Issue gap assessment report, detailing findings and needed remediation