Note: Important Change as of November 2021
The Department of Defense announced a major overhaul to the Cybersecurity Maturity Model Certification (CMMC) program. No new contracts will feature CMMC compliance requirements until the Department completes its rulemaking process for CMMC 2.0. Read our summary of the changes, Goodbye CMMC 1.0, Hello CMMC 2.0. For more detailed information, visit the CMMC website.
Keiter’s Cybersecurity team will continue to monitor the rollout of the CMMC program and update you on new information and changing requirements for DoD contractors.
Fairfax, Newport News, and Virginia Department of Defense (DoD) contractors and subcontractors will soon be required to comply with the new Cybersecurity Maturity Model Certification (CMMC) standard. The new standard is designed to help counteract the significant increase in the compromises of sensitive defense information which is shared across the defense industrial base. In the past, DoD contractors have been responsible for maintaining certain cybersecurity practices, but under CMMC new requirements are added such as third-party assessments of compliance coupled with more robust protections. All DoD contractors will need to be compliant with CMMC to continue doing business with the DoD.
5 Levels of CMMC
Phased in over a five-year period, CMMC includes 5 maturity levels based on a Virginia DoD contractor’s access to Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). The first maturity level known as basic cyber hygiene requires the use of antivirus and passwords to control FCI. The requirements become more complex reaching a pinnacle with Level 5, Optimizing, which requires standardized processes to address Advanced Persistent Threats (APT).
Virginia Top DoD Spending Locations
Newport News CMMC Services
Many Newport News DoD contractors need assistance performing initial assessments to uncover issues and establish corrective actions. Our team has almost 20 years of experience providing cybersecurity on major frameworks such as NIST SP 800-171, NIST SP 800-53, HIPAA, and others. As CMMC RPO, our team can help DoD prime and subcontractors with the following:
Readiness Assessments and Gap Analyses Against the CMMC Framework
Assistance with Remediating Gaps Identified during Readiness Assessment
Assistance with NIST SIP 800-171 Self-Assessment that is recorded in Supplier Performance Risk System
Keiter provides CMMC readiness assessments and remediation services to DoD contractors across Virginia includingNorthern Virginia, Tidewater, and Central Virginia. If you are interested in learning how we can assist your organization, complete the form below and a team member will follow up promptly.