Call (937) 912-9045 | Email Us

Cybersecurity Maturity Model Certification

Registered Provider Organization (RPO) Assisting Dayton Area DoD Contractors with CMMC Assessment Preparation

CYBERSECURITY MATURITY MODEL CERTIFICATION

About the Certification

CYBERSECURITY MATURITY MODEL CERTIFICATION

About the Certification

The Department of Defense (DoD) is focusing on securing the Nation’s supply chain by safeguarding Controlled Unclassified Information (CUI). The Cybersecurity Maturity Model Certification (CMMC) and the Accredited Body (CMMC-AB) were created to accomplish this task. These changes are driving Dayton Area Defense Contractors to find ways to prepare for upcoming assessments. Whether the company is a prime contractor, or works in support of a prime contractor, if CUI is handled, the company must comply with CMMC guidelines.

LMS Consulting is a Dayton based Registered Provider Organization (RPO), staffed with Registered Practitioners (RPs) who are trained in the CMMC methodology. Whether your company is trying to figure out where to start, or well on your way and just looking for guidance on an upcoming CMMC assessment, the RPs at LMS are prepared to team up with you to create a customized program that will guide you through the process and prepare your company for the CMMC audit.

COMMON QUESTIONS RELATED TO CMMC

What is CMMC?

What is CUI?

What is the difference between an RPO and C3PAO?

How do I know if my company must be CMMC compliant?

What CMMC level does my company need?

When do I need to be compliant with CMMC?

When should I start the CMMC assessment preparation?

WHAT IS CMMC?

CMMC stands for Cybersecurity Maturity Model Certification. This is the new regulatory standard for Department of Defense (DoD) contractors. This framework combines cybersecurity controls from various standards, such as NIST 800-171, ISO 27001, and ISO 27032, and places them into five maturity level certifications. These five levels are broken into 17 different domains with 171 individual practices and processes.

WHAT IS CUI?

CUI stands for Controlled Unclassified Information. This classification is used for any information created or owned by the government that requires safeguarding.

WHAT IS THE DIFFERENCE BETWEEN AN RPO AND C3PAO?

A Registered Provider Organization (RPO) employs staff trained in the CMMC methodology and can provide consultant services to prepare for CMMC Assessments. CMMC Third-Party Assessor Organization (C3PAO) hire and train Certified Assessors (CA) to conduct CMMC assessments.

HOW DO I KNOW IF MY COMPANY MUST BE CMMC COMPLIANT?

Any company supporting a DoD contract that handles CUI will be required to be CMMC certified.

WHAT CMMC LEVEL DOES MY COMPANY NEED?

If a company is only handling Federal Contract Information (FCI), they will only need to adhere to the 17 practices required for CMMC Level 1 certification. When a company starts handling Controlled Unclassified Information (CUI) they will need to be certified at a minimum of Level 3. This includes 130 practices and 3 processes. Details regarding the requirements for Level 4 and Level 5 certifications are still under review.

WHEN DO I NEED TO BE COMPLIANT WITH CMMC?

DoD has developed a methodical 5-year roll-out plan. Starting in 2021, 15 new prime contracts will be awarded with CMMC requirements. From there it will expand to include up to 479 new prime contracts in 2025. In order to prime or subcontractor on any of these new contracts, your company must complete the CMMC certification level required by that contract.

WHEN SHOULD I START THE CMMC ASSESSMENT PREPARATION?

Although the DoD roll out plan will take several years, starting assessment preparation right away can make the process more efficient. Implementing all the policies and practices will take time and ensuring all of these are in place prior to needing the certification is recommended. A certified Registered Practitioner (RP) can provide guidance on how to work through the preparation phase.

LeBrun Management Solutions, LLC
3572 Dayton Xenia Road, Suite 210
Beavercreek, Ohio 45432

Phone (937) 912-9045
Email info@lmsolutionsllc.com
Website https://lmsolutionsllc.com
In addition to Dayton, we also serve those in Kettering, Centerville, Englewood, Huber Heights, Springboro, Columbus, Cincinnati, and other Ohio areas as well as Indiana and Kentucky.