Cybersecurity Maturity Model Certification (CMMC) Professional Consulting & Assessor Services
NOTE: THIS PAGE IS UNDER DEVELOPMENT – ROC’s CMMC v2.0 Capability. Rose Osborne 6/8/2023
The Cybersecurity Maturity Model Certification (CMMC) v2.0, a Department of Defense (DoD) standard, will be required for US and NATO Defense Industrial Base (DIB) contractors. Its purpose is to ensure robust protection and safeguarding of the DIB's Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). The CMMC v2.0 Framework is used to assess an Organization Seeking Certification (OSC) for compliance with the standard. OSCs that have implemented the standard and have been independently assessed and certified by CMMC Third-Party Assessment Organizations (C3PAOs) allow the DoD to select DIB contractors that have demonstrated that CMMC information security best practices have been implemented effectively. CMMC v2.0 includes Level 1 and Level 2, with the 110 control requirements set forth by NIST SP 800-171 that have been determined to be in scope.
ROC® leads your organization in the understanding and implementation of DoD CMMC v2.0 practices and the validation of their control requirements (110 practice/control requirements).
Cyber AB CMMC v2.0 Site: Terminology | Cyber-AB (cyberab.org)
Cybersecurity Maturity Model Certification (CMMC) Professional (CCP) Consulting Service
Initially, ROC® works with Senior Leadership to describe their role, responsibilities, and needed resources moving forward, including the OSC Scope. A CCP is responsible for the assessment, examination, verification, and review of an organization for compliance with a respective level of CMMC standards. ROC® will utilize compliance checklists prescribed by the CMMC standard to control scope and ensure fairness in applied criteria. Together we will perform a gap analysis and create a proficient, tailored project plan illustrating a clear roadmap for building and implementing your compliant Defined Process Library System. ROC® has weekly virtual meeting/training/working sessions. ROC®'s knowledge of multiple contractual standards expedites assessment compliance readiness. ROC® will streamline and optimize processes that require re-engineering for effective coverage. ROC® clients' CMMC experience ranges from novice to experienced with an in-house security team. ROC® leads your organization in the understanding and implementation of DoD's CMMC best practices, empowering an organization to improve the performance of its key capabilities along with a clear roadmap for building, improving, and benchmarking security capability, one client at a time.
ROC® provides guidance with development of the Requirements Traceability Matrix (a Cyber AB template; an input requirement with v2.0) and with completing and documenting requirements validation. ROC®'s program includes a pre-assessment readiness exercise, ensuring your team shines while representing your organization.
Cybersecurity Maturity Model Certification (CMMC) Assessor (CCA) and CCP Assessment Team Member(s)
ROC® CCPs and/or CCAs have worked directly with Cyber AB-accredited CMMC Third-Party Assessment Organizations (C3PAOs), which conduct CMMC Assessments of companies within the Defense Industrial Base (DIB), as independent Assessment Team Members.
Cyber AB-certified CCPs, CCAs and C3PAOs are listed on the Cyber AB Marketplace: Cyber AB > Directory
CMMC Rule: Individuals holding multiple designations (CCP/CCA certifications) cannot assess a company if they have previously assisted with an implementation consultation for that same company.
CMMC Readiness Key Steps
- Evaluating OSCs against CMMC Level 2
- CMMC Level 2 Assessment Scoping
- CMMC Assessment Process (CAP)
- Assessing CMMC Level 2 Practices
Remember, ROC® does not abandon your organization once you have achieved your successful assessment results. The Project Plan includes a transition and maintenance mentoring period to ensure you continue to perform at an elevated level, using and fine-tuning these processes to secure a profitable ROI.