What is the Cybersecurity Maturity Model Certification (CMMC)?
Building upon the NIST SP 800-171 DoD Assessment Methodology, the CMMC framework adds a comprehensive and scalable certification element to verify the implementation of processes and practices associated with the achievement of a cybersecurity maturity level. CMMC is designed to provide increased assurance to the Department that a DIB contractor can adequately protect sensitive unclassified information such as Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) at a level commensurate with the risk, accounting for information flow down to its subcontractors in a multi-tier supply chain.
How We Help You Achieve CMMC Compliance
1. Readiness Review
We will ensure your organization meets compliance requirements to successfully undergo your CMMC Assessment.
2. Pre-Assessments
We will perform a mock control assessment to determine your current organizational gaps in meeting the CMMC requirements.
3. POA&M Remediation
We will help you remediate your existing plans of action & milestones to ensure your organization meets compliance requirements to successfully undergo your CMMC Assessment.
Our Credentials
Registered Provider Organization (RPO)
Diligent is an authorized RPO in the CMMC ecosystem providing advice, consulting, and recommendations.
We also have authorized Registered Practitioners (RPs) on staff who deliver advisory services on the CMMC standard.
Third-Party Assessor Organization (C3PAO)
Diligent is a C3PAO Candidate, authorized to manage CMMC assessments.
We also have Certified CMMC Professional (CCP) and Certified CMMC Assessor (CCA) Candidates on staff, authorized to conduct CMMC assessments.
Readiness Review Methodology
Scope Review
Our team will meet with you to discuss and identify the information security systems that are in scope for CMMC.
Policy and Procedure Review
Our team will review your existing Policy and Procedure documents, and provide feedback.
System Security Plan Review
Our team will review your existing System Security Plan, and provide feedback.
Pre-Assessment Methodology
Interviews & Document Review
Our team assesses the effectiveness of the information security controls protecting your in-scope infrastructure.
Findings
Our team will present all relevant discoveries and findings to the appropriate organizational stakeholders.
Recommendations and Remediation
Our team will deliver our recommendations for remediation.
POA&M Remediation Methodology
Recommendations and Remediation
Our team will review your existing plan of action & milestones for remediation.
POA&M Remediation
Our team will help you put together a plan to remediate existing POA&Ms.
Update System Security Plan
Our team will help you update your System Security Plan to reflect the remediated POA&Ms.