CMMC Readiness
The Cybersecurity Maturity Model Certification (CMMC) is an upcoming third-party verification/certification of the 110 cybersecurity controls found in NIST SP 800-171 as prescribed in DFARS 252.204-7012. Members of the Defense Industrial Base who handle Controlled Unclassified Information (CUI) will be required to undergo a Level 2 CMMC assessment according to DFARS 252.204-7021.
To prepare for CMMC, businesses should:
- Perform a CUI data flow modeling exercise, to understand how sensitive information is being received, used, and sent through their environment
- Perform an assessment of the current implementation of the 110 cybersecurity controls found in NIST SP 800-171 (as prescribed by DFARS 252.204-7012), to understand gaps and non-compliant areas
- Build out a Plan of Actions and Milestones (POA&M) that will remediate all discovered gaps and bring the business into full compliance with the requirements of NIST SP 800-171
Redwood can lead businesses through this process of satisfying current cybersecurity compliance requirements as dictated by DFARS 252.204-7012 and preparing for upcoming CMMC third-party assessment requirements.
Contact
All inquiries should be sent to services@redwoodcyberservices.com.
Redwood Cyber Services, LLC is a Service-Disabled Veteran-Owned Small Business (SDVOSB).