C3PAO Services

As a Certified Third-Party Assessment Organization (C3PAO), CyberNINES Can Help You Achieve CMMC Compliance

The Department of Defense (DoD) created its Cybersecurity Maturity Model Certification (CMMC) program in order to protect its data, given that much of the work on DoD projects is done by non-government contractors. If your company is a direct (prime) contractor on DoD projects or if you subcontract with another company that is a prime DoD contractor, and you work with sensitive government data (Controlled Unclassified Information [CUI]), you must comply with CMMC requirements. For the vast majority of contractors, this will require certification by an authorized CMMC Third Party Assessment Organization (C3PAO).

CMMC incorporates two rules

  1. 32 CFR Part 170 describes the program and authorizes organizations to do assessments; it became a final rule October 11, 2024, and is expected to take effect December 16, 2024.
  2. 48 CFR Subpart 204.75 creates the Defense Federal Acquisition Regulation Supplement (DFARS) that will show up in contracts as DFARS 252.204-7021; the effective date is expected to be mid-year 2025.

CMMC will be rolled out in phases; ultimately it is expected to appear in all contracts, which could be required as early as 2027.

  • NIST 800-171 Control Sampling
  • NIST 800-171 Readiness Assessments
  • CMMC Level 2 Assessments 

How we can help

CyberNINES is here to help you! We were the 26th company to become an authorized C3PAO—and we have the knowledge and expertise to help you gain the certification you need.

NIST SP 800-171 Readiness Assessments

To help your organization on your journey toward CMMC Level 2 certification, CyberNINES offers the NIST SP 800-171 Readiness Assessment. Our Readiness Assessment will determine your compliance with NIST SP 800-171 and evaluate your readiness for both the CMMC Voluntary Assessment and eventually the CMMC Level 2 Certification Assessment.

CMMC Level 2 Assessments

As an authorized C3PAO, CyberNINES can perform CMMC Level 2 Assessments. The CMMC Level 2 Assessment provides increased assurance to the DoD that an OSA can adequately protect CUI at a level commensurate with the adversarial risk, including protecting information flow with subcontractors in a multi-tier supply chain. The Level 2 certificate is also a prerequisite for the CMMC Level 3 Assessment that would be conducted by the Defense Contract Management Agency’s Defense Industrial Base Cybersecurity Assessment Center (DIBCAC).

NIST 800-171 Control Sampling

Not sure if your company is ready for the NIST 800-171 Assessment or a CMMC Level 2 Assessment? CyberNINES offers NIST 800-171 Control Sampling, a preparatory exercise to help you prepare for formal assessment.

CyberNINES offers a partial NIST SP 800-171 Assessment composed of an assessment sampling of 20 Controls. This sampling is being provided to determine if a company's CMMC preparation activities will be in compliance with NIST SP 800-171, as performed by a CMMC Third Party Assessment Organization (C3PAO). This will be an objective sampling that simulates an actual C3PAO CMMC Level 2 Assessment for 20 of the 110 NIST Controls.

This exercise will allow a company to determine the effectiveness of their CMMC readiness efforts. No consulting services will be provided by CyberNINES as part of this agreement due to the possibility that CyberNINES will eventually perform the actual CMMC Level 2 Assessment.

QUESTIONS?

SEND US A MESSAGE

 

EMAIL | inquiry@cybernines.com

PHONE | 608.512.1010 

SCHEDULE A MEETING | Meet with a Cybersecurity Expert