Cybersecurity Maturity Model Certification (CMMC) Compliance Services

CMMC Compliance for Defense Industrial Base (DIB)

Cybersecurity Maturity Model Certification (CMMC) will be required for companies that support the Department of Defense (DoD). Any organization that works with CUI must comply with this new cybersecurity process. To safeguard sensitive national security information, the DoD launched CMMC 2.0 in November 2021, a comprehensive framework to protect the defense industrial base from increasingly frequent and complex cyber-attacks.

Compliance can be a lengthy process, so for organizations in the DoD supply chain it is critical to identify your CMMC level of compliance and to focus right now on implementing the security controls and the fundamentals of your policies and procedures. The first step is to understand your weaknesses: which controls you currently meet and which controls you still need to implement.

Impact Utah will provide CMMC-AB Registered Practitioner (CMMC-AB RP) consulting services and facilitate the development of a company cybersecurity program including:

  • Gap analysis
  • Risk mitigation plan of action
  • Supporting documentation templates (Plan of Actions and Milestones (POA&M))
  • NIST SP 800-171 self-assessment score for the Supplier Performance Risk System (SPRS)
  • System Security Plan (SSP)
  • Incident Response Plan (IRP)
  • Security Awareness and Training plan
  • Policies and Procedures handbook

The following are included in our services depending on your needs:

CMMC Level 1

DELIVERABLES

  • Introduction to FAR & CMMC
  • Asset Inventory Training
  • Draft Network Diagram & FCI Dataflow Diagram
  • Perform 17 Practices Gap Analysis and Plan of Actions & Milestones (POA&M)
  • Develop a 17 Practices System Security Plan (SSP)
  • Identify Evidence for Practices

CMMC Level 1 Compliance Manager | CMMC Level 1 Compliance Manager + | CMMC Level 1 Compliance Manager Pro

  • Introduction to FAR, 17 Practices from NIST SP 800-171, & CMMC
  • CaaS Onboard Training
  • One Year Compliance Manager Subscription
  • CaaS Support
  • Quarterly Reviews
  • Annual Self-assessment Review - 17 GAP analysis & Plan of Actions and Milestones (POA&M)
  • Asset Inventory Training
  • 17 Practices Gap Analysis and Plan of Action & Milestones (POA&M)
  • Develop System Security Plan (SSP) - Draft Network Diagram and Data Flow Diagram
  • Develop Cybersecurity Incident Response Plan (IRP)
  • Self-assessment Score and Reporting to SPRS

Contact us below for pricing and we will provide you with a proposal to meet your business needs.

CMMC Level 2

DELIVERABLES

  • Introduction to NIST SP 800-171, The Interim Rule, & CMMC
  • Asset Inventory Training
  • Draft Network Diagram & CUI Dataflow Diagram
  • Perform Gap Analysis and Plan of Actions & Milestones (POA&M)
  • Collect NIST SP 800-171 self-assessment Score and Post in the Supplier Performance Risk System (SPRS)
  • Develop a System Security Plan (SSP)
  • Create a Cybersecurity Incident Response Plan (IRP)
  • Build a Security Awareness and Training Plan
  • Provide Policies Template
  • Identify Evidence for Practices

CMMC Level 2 Compliance Manager | CMMC Level 2 Compliance Manager + | CMMC Level 2 Compliance Manager Pro

  • Introduction to DFARS, NIST SP 800-171, & CMMC
  • CaaS Onboard Training
  • One Year Compliance Manager Subscription
  • CaaS Support
  • Policies and Procedures Guidance
  • Quarterly Reviews
  • Annual Self-assessment Review - 17 GAP analysis & Plan of Actions and Milestones (POA&M)
  • Asset Inventory Training
  • Gap Analysis and Plan of Action & Milestones (POA&M)
  • Develop System Security Plan (SSP) - Draft Network Diagram and Data Flow Diagram
  • Develop Cybersecurity Incident Response Plan (IRP)
  • Self-assessment Score and Reporting to SPRS
  • Create Security Awareness & Training Program

Contact us below for pricing and we will provide you with a proposal to meet your business needs.

CMMC Pre-Assessment Readiness Review (For CMMC Levels 1 & 2)

iMpact Utah will help the organization get ready for a CMMC assessment by running a sample assessment that generates feedback based on objective evidence.

DELIVERABLES

  • Identify Evidence for all Practices and Processes
  • Collect and organize all Objective Evidence needed
  • Identify and list all observed gaps in objective evidence
  • Evaluate Organization preparedness
  • Perform a pre-assessment readiness check

Contact Us For Pricing

The MEP provides cybersecurity services at or below the market average and potentially supports grants that can be used for your business.