Thorough CMMC Assessment
Identify Current Security Needs
Recommendation of Improvements
System Security Plan and Plan of Action & Milestones
Present Findings and Security Reports
Ongoing Cybersecurity Monitoring
CMMC stands for Cybersecurity Maturity Model Certification. Since the Department of Defense (DoD) announced the CMMC requirement, Winsor has taken steps to implement the requirements for this certification with our clients and to inform businesses of any possible risk. The goal of this certification is to comply with the DoD’s standards and to reduce the cyber threats to your company. Along with reducing the threats, the CMMC is intended to ensure that cybersecurity practices and processes are in place to protect controlled unclassified information (CUI).
3 Steps to Achieve Your CMMC
No matter the size of your business, whether you are a Prime or a Subcontractor, you will need to comply with the CMMC requirements. Winsor will perform a thorough cybersecurity assessment based on the NIST framework and the controls set forth in CMMC. Then we will assist or perform remediation on the findings from the assessment. In order to stay compliant, we must then continue to adhere to the CMMC requirements.
We perform a detailed assessment of your current network and compare this with the cyber security controls required in NIST SP 800-171. We then prepare an SSP and POAM so that you can provide documented evidence to the DoD or your Prime that you’re on your way towards compliance. This step then serves as the basis for creation of the remediation plan.
In this step the items called out in the POAM need to be addressed. Depending on the current state of your IT systems, this can be as simple as implementing multi-factor authentication and security awareness training or as complex as refreshing an entire aging infrastructure.
Ongoing advanced cybersecurity monitoring and incident response capabilities are required to remain compliant. If a cyber incident occurs, you must notify the DoD through the DIBNet Portal within 72 hours. You must also constantly assess and maintain the NIST 800-171 controls over time as systems change and fall out of alignment.
How can Winsor help you?
Included in RFIs starting June 2020
Included in RFPs starting Fall 2020
How does it affect government contracts?
The government determines the appropriate tier for the contracts they administer. One goal of having this is to make cybersecurity an “allowable cost” for DoD contracts. The Defense Counterintelligence and Security Agency (DCSA) will include CMMC assessments as part of their holistic security rating score.
Do I need an assessment?
Why does anyone need an assessment?
Regular Security Assessments
Not only do we offer you CMMC assessments, but we also want you to use our regular security assessments to comply with any other standards or regulations. To keep your company secure, we offer you regular security assessments that can help meet other compliance requirements, such as HIPAA, SOC2, and GLBA. If you are wondering about your business’s vulnerabilities, risks, or preparedness, you should receive our regular security assessments. Small businesses can carry the biggest potential for falling victim to a security breach or attack, so maintaining an assessment can eliminate the risks.
Health Insurance Portability and Accountability Act
Why you need this assessment
Any business wanting a better understanding of their current IT environment.
Merger and acquisition or divestiture activity
System failures or security breach
An employee has recently resigned, and you want objective, 3rd party documentation of the current environment and the health of the systems
You have slow application performance or intermittent network outages, and are unsure of the source
It has been several years since an investment has been made in your IT infrastructure, and you want a prioritized list of projects that will deliver the greatest value with the least investment
You are considering using managed services to deliver some of your IT systems, and need an accurate inventory to obtain pricing
Leadership has asked for a benchmark of your current IT systems relative to cyber security threats and Cloud IT opportunities