Cybersecurity Maturity Model Certification services

Helping your business understand and comply with new CMMC regulations

Defensive contractors and the entire government contracting supply chain are facing more sophisticated cybersecurity challenges, made increasingly more complicated with the continued threat of third-party breaches of controlled unclassified information (CUI). In response to the increased need for security measures, the Department of Defense (DoD) recently released the Cybersecurity Maturity Model Certification (CMMC) to enhance the information security expectations that its prime contractors and subcontractors in the defense industrial base (DIB) must maintain in order to protect CUI.

In an attempt to improve the protection of CUI, as well as the effectiveness of vendors’ security posture, the DoD released CMMC v1.0 on Jan. 31, 2020. The CMMC framework defines a new, tiered approach of certifying the cybersecurity posture of all organizations that provide goods and services to the DoD, regardless of the amount of confidential data (e.g., CUI) they handle.

Aproximately 300,000 contractors and subcontractors within the DIB will be required to be CMMC certified to continue working on or seeking out new DoD contracts.

Contact a risk advisory specialist

Developing your CMMC compliance plan

RSM’s risk consulting team has decades of experience working with government contractors. We routinely work with organizations like yours, helping navigate difficult business decisions and balance potential revenue loss from lost contracts with the cost of compliance. Our experienced team provides the key insights and advice that you need to implement a comprehensive and effective CMMC compliance program.

Preparing for the Cybersecurity Maturity Model Certification

Prepare and maintain: We know that achieving and maintaining compliance with the CMMC requirements can be a challenge for some organizations. Our CMMC advisory services can help you build a repeatable, efficient process for achieving and sustaining compliance, minimizing scope and right-sizing your cybersecurity program. Some of the related services that RSM offers include:

  • Assessing your readiness for the new CMMC requirements, including identifying gaps and developing action plans to close them
  • Helping to implement or streamline your CMMC compliance program by:
    • Identifying business processes related to storage, transmission and processing of DoD-related information
    • Minimizing the scope of systems that must be certified based on how DoD information flows through your environment
    • Improving the design and implementation of security practices and controls to reduce ongoing efforts to maintain compliance 
  • Developing and implementing policies, processes and technologies required to close any compliance gaps that you’ve identified

Certify: The CMMC accreditation body is still working on the certification criteria and process, and as a result, no organizations can certify CMMC maturity levels yet. However, RSM anticipates becoming a certified third-party assessor organization (C3PAO) for CMMC in the future.

The CMMC framework can be difficult to implement and maintain, but compliance is required to continue doing business with the DoD moving forward. Contact RSM to learn how we can design and implement an effective compliance program that brings your security processes, practices and controls in line with new regulations.

Related resources

How new CMMC requirements will affect your organization


How new CMMC requirements will affect your organization

Defense contractors must comply with new Cybersecurity Maturity Model Certification guidelines soon to remain eligible to work with the DoD.

5 indications you need CMMC advisory services


5 indications you need CMMC advisory services

Learn how CMMC advisory services can help to align security practices and controls with new cybersecurity requirements from the DoD.