Skip to content

Is Your Business Impacted By CMMC?

Get help today to ensure CMMC compliancy tomorrow

How CMMC may impact your business

The Cybersecurity Maturity Model Certification (CMMC) is a security framework being adopted by the Department of Defense (DoD) to protect our nation’s Defense Industrial Base (DIB). The program will impact all organizations supporting the defense supply chain from weapons system suppliers down to back office suppliers and service providers. Since the framework outlines protections to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI), not only will prime contractors on DoD contracts need to be certified to meet their designated maturity level requirement, but sub-contractors will also need to be certified depending on the FCI and CUI data they are storing, creating or processing.

The CMMC establishes a three-tiered framework ranging from Maturity Level 1 – “Basic Cybersecurity” to Maturity Level 3 – “Highly Advanced Cybersecurity”. Each maturity level includes specific definitions and requirements for processes and practices. The certification level your business will need depends on the requirements outlined in you DoD contract.  

Dewpoint can assist in helping you determining what maturity level you should strive to achieve but you should work closely with your Contracting Officer to make sure the “right” level is achieved.

How we can help you prepare for CMMC Certification Assessment

As a Registered Provider Organization (RPO), Dewpoint Registered Practitioners (RPs) can provide design and implementation services to meet CMMC practices and assist in the creation of CMMC required documentation. In addition, Dewpoint RPs can help you prepare for your certification assessment by performing readiness assessments based on people, processes and technology to evaluate your current security program utilizing a proven methodology and IT expertise to provide you with actionable recommendations to meet your desired CMMC maturity level.

Eight Ways We Can Assist

Readiness Assessments

Review security program controls against the required CMMC level to identify gaps and provide remediation recommendations

Develop Scoping Diagrams

Outline where CUI/FCI data is stored, processed, and transmitted

System Security Plan (SSP) Development

Assist in creating and updating SSP’s

Plan of Action and Milestones (POA&M) Development

Provide support creating and updating POA&M

Develop CMMC Processes

Assist in creating CMMC required processes such as policies, standards, supporting documentation and other supporting documentation

Technical Implementation Services

Assist in remediation activities by providing architecture and technical project implementation support

Provide Program Management Expertise

Create and update the ongoing governance necessary to maintain CMMC compliance

Ongoing Support and CISO-as-a-Service

Provide ongoing support to ensure compliance since adherence to the CMMC is continuous and not a one-time task

Why Dewpoint?

We take a holistic view of your environment to help your organization meet CMMC requirements. A lot of technology vendors are saying “our product will make you CMMC compliant or CMMC compliant in this area”. That is not true as technology is just one piece of achieving CMMC compliance; processes and documentation play a critical role in CMMC requirements. Dewpoint understands what it takes to help you achieve CMMC compliance and will assist you on your journey.

Follow Dewpoint