CMMC 2.0
CMMC 2.0 What are the changes to CMMC In January of 2020, the DoD issued a new standard that the Defense Industrial Base (DIB) needed
Summit Business Technologies can help you on your CMMC certification journey. For assessment preparation needs, Summit staff has a thorough understanding of the control requirements needed for compliance.
Cybersecurity Maturity Model Certification (CMMC) is a certification process that validates the requirements of NIST 800-171, which the Defense Industrial Base (DIB), contractors, and subcontractors must comply with in order to do business with the DoD.
To achieve Cybersecurity Maturity Model Certification (CMMC), an Organization Seeking Certification (OSC) should work with a Registered Practitioner Organization (RPO) to prepare and remediate any concerns before its third-party assessor organization (C3PAO) assesses it. The remediation work we do at Summit is crucial in identifying the changes that need to be made and in educating your organization about them. After the assessment, the C3PAO submits the findings of the audit so you can see whether you have met all the requirements for the certification. The OSC's CMMC certification is then listed in a searchable database, and the confirmed certification determines which DoD contracts the firm is eligible to be awarded.
We conduct an initial Gap Analysis by analyzing your current environment and comparing it to the control requirements of NIST 800-171 R2. The result of this analysis is your initial System Security Plan (SSP), Plan-of-Action and Milestones (POAM), and Supplier Performance Risk System (SPRS) score.
We build a remediation plan based on the POAM generated in the readiness assessment. We review the plan with you, go over each assessment objective, and determine the next steps to address the deficiencies. At the same time, we educate your team on each of these objectives so you are prepared for what the assessors look for. The complexity of this process and of the remediation actions varies depending on the deficiencies found in the POAM. After the remediation is done, we do a final assessment before bringing in your C3PAO that gives you an updated SSP, POAM, and SPRS.
Finally, we stand by your side throughout the official assessment process, providing guidance as the assessor reviews your environment and helping you address any findings to ensure a smooth experience. Additionally, we regularly review changes in CMMC requirements and address them with you, keeping your compliance up to date. Our team continually updates the compliance toolset to reflect regulated changes in your environment. When you consider new solutions, we help vet them to ensure compliance. As part of our ongoing support, we conduct an annual readiness assessment to confirm continued compliance.
Summit is proud to partner with SentinelOne, a premier FedRAMP-authorized EDR and SOC solution.
We have been talking with CMMC maturity Level 1 and Level 3 seekers for months now, and one thing we keep hearing is, “I am
Every small company seeks to pay lower taxes to increase their profit margins on products and services that they provide. Now in Maryland that opportunity
The CMMC is making progress towards training new CMMC auditors. With the first round of trainees through, they are gearing up to begin the next
Let the Games Begin After its announcement in January 2020, we have been anxiously awaiting more information on the implementation of the CMMC standard. Summit
It is now June, and we are still waiting on the finalization of the audit process and training of the Cybersecurity Maturity Model Certification (CMMC)