Are you really DFARS/NIST 800-171 compliant, the baseline for CMMC? All DoD contracts require compliance now.
Do you have a roadmap to transition from DFARS/NIST 800-171 To CMMC?
DoD leadership is profoundly concerned about contractor cybersecurity and protecting DoD supply chains from cyber attack is a top priority.
DoD has stated that traditional measures of contractor performance cost, schedule and quality are insufficient to measure contractor cyber security. Limited adoption of NIST 800-171 self-certification standards prompted the DoD to seek third-party auditor verification that contractors adopt and maintain an appropriate level of cyber security.
By developing an auditable process, the Cybersecurity Maturity Model Certification (CMMC), DoD mandates measurable standards for third-party verified cyber security for all contractors.
All DoD contractors must meet CMMC standards in order to hold a DoD contract starting in FY2021.
A leader in NIST 800-171 compliance support, LP3 offers a fixed price NIST 800-171 assessment to include a System Security Plan, POA&M, and a roadmap plan to get your company to CMMC compliance in time to continue to receive DoD contract awards.
Compliance Assessment Deliverables:
- Draft System Security Plans (SSP)
- Plan of Action & Milestone (POA&M) Report on gaps and mitigations
- Draft policies cross-referenced to CMMC & NIST SP 800-171 RMF Controls
- If already DFARS/NIST 800-171 Compliant, draft CMMC Roadmap customized to achieve CMMC L3 compliance over the next 12 months
- Executive Summary and Final Report on Compliance (ROC)
Compliance Support Services:
In order to maintain your current compliance status, there are several controls within the CMMC/ NIST 800-171 Framework that need to be maintained on a Periodic basis. The following cost-effective services have been developed by LP3 for small and medium businesses to meet these requirements
- External and Internal Penetration Testing
- Internal Credentialed Vulnerability Scans
- Staff Security Awareness Assessment/Training (Includes Phishing, Vishing, and Spear Phishing testing)
- Virtual CISO (V-CISO) consulting services
Contact LP3. We will be glad to help you make an informed decision on cyber security for your organization.