Cybersecurity Maturity Model Certification

CYBERSECURITY EXPERTS ASSISTANT DAYTON AREA DOD CONTRACTORS WITH CMMC ASSESSMENT PREPARATION

CYBERSECURITY MATURITY MODEL CERTIFICATION

About the Certification

CYBERSECURITY MATURITY MODEL CERTIFICATION

About the Certification

The Department of Defense (DoD) is focusing on securing the Nation’s supply chain by safeguarding Controlled Unclassified Information (CUI). The Cybersecurity Maturity Model Certification (CMMC) and the Accredited Body (CMMC-AB) were created to accomplish this task. These changes are driving Dayton Area Defense Contractors to find ways to prepare for upcoming assessments. Whether the company is a prime contractor, or works in support of a prime contractor, if CUI is handled, the company must comply with CMMC guidelines.

LMS is a Dayton area cybersecurity company, staffed with experts who are trained in the CMMC methodology and the NIST SP 800-171 risk-based assessment which is the backbone of the CMMC program. Whether your company is trying to figure out where to start, or well on your way and just looking for guidance on an upcoming assessment, LMS is prepared to team up with you to create a customized program that will provide guidance throughout the entire process and prepare your company for a CMMC audit.

COMMON QUESTIONS RELATED TO CMMC

What is CMMC?

What is CUI?

What is the difference between an RPO and C3PAO?

How do I know if my company must be CMMC compliant?

What CMMC level does my company need?

When should I start the CMMC assessment preparation?

WHAT IS CMMC?

CMMC stands for Cybersecurity Maturity Model Certification. This is the new regulatory standard for Department of Defense (DoD) contractors. This framework combines cybersecurity controls from various standards, such as NIST 800-171, ISO 27001, and ISO 27032, and places them into five maturity level certifications. These five levels are broken into 17 different domains with 171 individual practices and processes.

WHAT IS CUI?

CUI stands for Controlled Unclassified Information. This classification is used for any information created or owned by the government that requires safeguarding.

WHAT IS THE DIFFERENCE BETWEEN AN RPO AND C3PAO?

A Registered Provider Organization (RPO) employs staff trained in the CMMC methodology and can provide consultant services to prepare for CMMC Assessments. CMMC Third-Party Assessor Organization (C3PAO) hire and train Certified Assessors (CA) to conduct CMMC assessments.

HOW DO I KNOW IF MY COMPANY MUST BE CMMC COMPLIANT?

Any company supporting a DoD contract that handles CUI will be required to be CMMC certified.

WHAT CMMC LEVEL DOES MY COMPANY NEED?

If a company is only handling FCI, they will be required to comply with the 17 practices within Level 1. Organizations storing and handling Controlled Unclassified Information (CUI) will require a Level 2 certification, which includes all 110 practices within the NIST SP 800-171 assessment. Most companies will fall within these two levels.

WHEN SHOULD I START THE CMMC ASSESSMENT PREPARATION?

Although the DoD roll out plan will take several years, starting assessment preparation right away can make the process more efficient. Implementing all the policies and practices will take time and ensuring all of these are in place prior to needing the certification is recommended. A certified Registered Practitioner (RP) can provide guidance on how to work through the preparation phase.

LeBrun Management Solutions, LLC
3572 Dayton Xenia Road, Suite 210
Beavercreek, Ohio 45432

Phone (937) 912-9045
Email info@lmsolutionsllc.com
Website https://lmsolutionsllc.com
In addition to Dayton, we also serve those in Kettering, Centerville, Englewood, Huber Heights, Springboro, Columbus, Cincinnati, and other Ohio areas as well as Indiana and Kentucky.