Dopkins is a CMMC Registered Provider Organization (RPO) for companies doing business with the United States Department of Defense (DoD).
The Cybersecurity Maturity Model Certification (CMMC) was developed by the United States Department of Defense (DoD) and went into effect November 30, 2020. It is meant to protect against the theft of intellectual property and sensitive information within the Defense Industrial Base (DIB). CMMC will be implemented using a phased rollout between 2021 and 2026 with all contractors within the DIB needing to be certified by 2026 at the latest. CMMC is based on, and replaces the previous requirements of, DFARS and NIST 800-171. Previously there was a list of 110 requirements that contractors would self-report they comply with, now contractors will need to be certified at the required CMMC level prior to receiving contracts from the DoD.
Watch our full-length CMMC overview here!
Have a specific question about CMMC?
- Click to view our video by topic segments:
CMMC assesses practices which are specific steps or procedures that an organization should be performing within each domain to protect itself from common threats; and processes which are policies and documentation which help determine how consistently the practices will be applied or performed. Practices and processes are assessed as five different levels that represent progressively more mature and robust security practices and processes.
Level 1 – Safeguard Federal Contract Information (FCI)
Processes are performed
Practices are considered “Basic Cyber Hygiene”
Level 2 – Transition to Level 3
Processes are documented
Practices are considered “Intermediate Cyber Hygiene”
Level 3 – Protect Controlled Unclassified Information (CUI)
Processes are managed
Practices are considered “Good Cyber Hygiene”
Level 4 – Additional protection of CUI and reduce risk of Advanced Persistent Threats (APTs)
Processes are reviewed
Practices are considered “Proactive”
Level 5 – Additional protection of CUI and reduce risk of Advanced Persistent Threats (APTs)
Processes are optimized
Practices are considered “Proactive/Advanced”
Sign up for a free CMMC consultation to evaluate your organization’s status:
Our assessment process:
- Through interviews and observations, we mutually review the practices contained in your target level.
- For each practice we will ascertain whether the practice is currently being performed or not, and how it is being performed.
- We provide guidance on best practices and options to accomplish currently unperformed or incomplete practices.
- We mutually review the maturity of processes contained in your target level including documentation, policies, and planning.
Upon completion of the assessment, the client will have a list of CMMC practice gaps and recommendations. Process maturity will be identified for each practice in your target level. Each practice that requires additional documentation, policies, or planning will be reported.
We then suggest an action plan that offers a realistic approach to reaching your target level. New security practices can be overwhelming. Our action plan structures implementation timing and shared responsibilities to create a sustainable security culture.
Our remediation assistance services include:
- Risk Assessments
- User training and testing
- Identifying and implementing technical controls
- Assistance with documentation development
- Creating policies
- Incident response plans
For more information, please contact Patrick Rost CMMC-AB RP at email@example.com.