big city
We are online 24/7.
Call us today!
858-812-5298
Skyriver IT logotype.
Main phone.
Cybersecurity Maturity Model Certification
Cybersecurity Maturity Model Certification

Cybersecurity Maturity Model Certification

Cybersecurity Maturity Model Certification (CMMC) is a framework of various cybersecurity standards and best practices that is a requirement for government contractors working with the Department of Defense (DoD). Is an assessor certification program. It's designed to increase the trust in measures of compliance to a variety of standards published by the National Institute of Standards and Technology. CMMC was developed to protect sensitive information provided by the government to complete a work contract through a third party contractor.

Who needs CMMC Certification?

If your company is a part of the Department of Defense’s supply chain (or plans to be in the foreseeable future) as either a contractor or subcontractor then you will need CMMC certification. The type of CUI data determines the required level and whether the company will handle CUI or FCI.
Frustration-Free IT

Federal Contract Information (FCI)

Information provided by the government through a contract that is not intended for public release but necessary to complete the product or service
Business Centric Approach

Controlled Unclassified Information (CUI)

Information, including laws, that needs safeguarding or is not intended for public release, but does not include classified information
Cybersecurity Maturity Model Certification

Levels of Compliance

The tiered model requires companies entrusted with national security information to implement cybersecurity standards at progressively higher levels, based on the type of information and its sensitivity. This model also establishes the processes for disseminating this information to subcontractors.

Level 1 (Foundational)

Annual self assessment

Level 2 (Advanced)

Triannual third-party assessments for critical national security information;
Annual self assessment for select programs

Level 3 (Expert)

Triannual government-led assessments, it follows the additional requirements from NIST-800-172 standards

Annual self assessment

Triannual third-party assessments for critical national security information;
Annual self assessment for select programs

Triannual government-led assessments, it follows the additional requirements from NIST-800-172 standards

NIST data

FREQUENTLY ASKED QUESTIONS

How will my organization become certified? 

Your organization will coordinate directly with an accredited and independent third-party commercial certification organization to request and schedule your CMMC assessment. You can't be self-certificated. Your company will specify the level of the certification requested based on your company's specific business requirements. Your company will be awarded certification at the appropriate CMMC level upon demonstrating the proper maturity in capabilities and organizational maturity to the satisfaction of the assessor and certifier. 

Will there be self-certification?

No. The CMMC program will require an annual self-assessment and an annual affirmation by a senior company official.

What if my organization cannot afford to be certified?

The cost of certification will be considered an allowable, reimbursable cost and will not be prohibitive. For contracts that require CMMC, you may be disqualified from participating if your organization is not certified.

Do companies not handling CUI need to be certified? How to know the certification level required?

Yes. All companies conducting business with the DoD must be certified. The level of certification required will depend upon the amount of CUI a company handles or processes. The government will determine the appropriate tier (i.e., not everything requires the highest level) for the contracts they administer. The required CMMC level will be contained in sections L & M of the Request for Proposals (RFP), making cybersecurity an "allowable cost" in DoD contracts.

SkyriverIT specialists are solving a problem.

Contact Us

Field must be filled
Field must be filled
Email is invalid
Phone number is invalid
Field must be filled
Field must be filled
Thank you!
Your submission has been received!
Oops! Something went wrong while submitting the form.
KGC Technologies, LLC D/B/A Skyriver IT meets ADA website standards according to Web Content Accessibility Guidelines (WCAG)
OK
By using this website, you agree to our use of cookies. We use cookies to provide you with a great experience and to help our website run effectively.
OK