Cybersecurity Compliance Services
By May 2023, manufacturers and suppliers in the defense base will be required to comply with CMMC standards.
Since 12/31/2017, the DoD has expected the supply chain to conform with the NIST 800-171 cybersecurity standards. The expectation, including the flow-down clause for subcontractors, has been in the Defense Federal Acquisition Regulations (DFARS) 252.204-7012 section of contracts. NIST 800-171 requirements include physical, technical and administrative security controls across 14 families and require companies to have a System Security Plan (SSP), Plan of Actions & Milestones (POA&M) and Incident Response Plan. Companies were able to self-attest that they were conforming. The DoD grew more and more concerned about the threat of cyber-attacks and estimated that less than 20% of the supply chain was meeting the standards. Therefore, the Cybersecurity Maturity Model Certification (CMMC) was created. Rather than self-attestation, there will be a third-party assessment and certification process to hold the supply chain accountable to the standards.
NJMEP Can Help
DoD Cyber Assessment and Full Remediation Support
- Complete the assessment against both the 110 NIST 800-171 controls and the 130 CMMC Level 3 controls, create your POA&M and work through remediation
- Continuous monitoring, threat detection and prioritization
- Leverage policy and training templates for the policies and trainings you need to create
- Leverage a secure portal to view sample documents and upload your artifacts for review
- Work with Subject Matter Experts to guide you through and validate the work being done
- Track your progress via your portal
Each contractor must supply the following information with respect to each system being assessed:
- Assessment Date
- Assessment Score
- Assessing Scope
- Plan of Action Completion Date
- CAGE Code
NIST MEP, NJMEP leadership and our cybersecurity resource were involved in the creation of the CMMC, and NJMEP is the implementation partner in a DoD OEA grant to help companies become compliant. For over a year, NJMEP has been hosting workshops, and now webinars, to educate companies about these requirements, and has also been assisting with gap analysis and remediation to the standards.
The average score we see for companies completing a gap analysis against the NIST 800-171 controls is less than 30%. Companies that have someone focused on this, working with our resource, have been taking between six months and 1 year to complete it. Our resource provides cyber protection for the Army and intelligence communities and developed a scalable solution specifically for small to mid-size companies.
Contact NJMEP's Cyber Security Team for More Information