Cybersecurity Maturity Model Certification (CMMC 2.0) is a required certification for all businesses that are contractors of the US government’s Department of Defense (DoD) with comprehensive cybersecurity requirements based on NIST Special Publications 800-171 and 800-172. The CMMC requires DoD contractors to implement cybersecurity protections standards for controls including access control, incident response, physical protection, and system and information integrity. The CMMC framework is designed to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) that is shared by the DoD with its contractors and subcontractors based on the CMMC Level requirement. Many variables influence the effort required to prepare a system for audit and authorization.
HanaByte can automate and implement compliance services and is able to advise related organization personnel conducting a CMMC assessment prior to submission to an official third party audit. At your option, we can coach you on selecting an audit and certification firm appropriate for your business.
Perform workshops on CMMC requirements including educating key stakeholders, technical personnel, and support teams on a variety of relevant topics. Workshops are interactive and are used to learn more about your business.
Deliverables
Delivery of a variety of workshops covering CMMC Levels requirements.
Regular remote meetings to track progress that best fits your schedule.
Personnel
One or more Security Consultants will be assigned to the engagement for a flat fee.
Customer Responsibilities
Provide access to related documentation and in-scope systems.
Provide access to relevant personnel for workshop sessions.
Guidance in assessing your existing services and control implementations, infrastructure, policies and procedures documentation, and training documentation against the applicable CMMC requirements.
Guidance through CMMC requirements.
Educating key stakeholders, technical personnel, and support teams on a variety of topics.
Deliverables
Regular meetings to consult on CMMC processes and compliance gaps.
Personnel
One or more Security Consultants will be assigned to the engagement for a flat fee.
Customer Responsibilities
Provide access to related documentation and in-scope systems.
Provide access to relevant personnel for workshop sessions.
Assessment of your existing services and control implementations, infrastructure, policies and procedures documentation, and training documentation in order to perform a gap analysis against the applicable CMMC requirements.
Creation of a report with a detailed roadmap of efforts in regards to people, processes, and technology with recommendations for all unmet requirements.
Deliverables
Detailed readiness assessment includes review of your environment, information security policies, procedures, personnel, and controls.
Remediation plan with detailed steps to resolve gaps within a feasible timeline and regular meetings to track progress.
Expected CMMC gap assessment turnaround time of engagement to be 6-8 weeks depending on Maturity Level required.
Personnel
One or more Security Consultants will be assigned to the engagement for a flat fee.
Customer Responsibilities
Provide access to related documentation and in-scope systems.
Provide access to relevant personnel for workshop sessions.
Assessment of your existing services and control implementations, infrastructure, and documentation in order to perform a gap analysis against applicable CMMC requirements.
Perform workshops on CMMC requirements and implementation strategies.
Creation of a report with a detailed roadmap of efforts in regards to people, processes, and technology with recommendations for all unmet requirements.
Deliverables
Detailed readiness assessment including a review of your environment, information security policies, procedures, personnel, and controls.
Delivery of a variety of workshops covering CMMC requirements.
Remediation plan with detailed steps to resolve gaps within a feasible timeline and regular meetings to track progress.
Typical engagement timeline is 3-4 months depending on CMMC Level required.
Personnel
One or more Security Consultants will be assigned to the engagement for a flat fee.
One or more HanaByte Security Consultant may travel to your organization’s site to conduct hands-on assessment and workshops.
Gap assessment and workshops may be conducted concurrently for a reduced turnaround time in the case of assignment of multiple HanaByte Security Consultants.
Customer Responsibilities
Provide access to related documentation and in-scope systems.
Provide access to relevant personnel for workshop sessions.
