Cybersecurity Maturity Model Certification (CMMC)

Cybersecurity Maturity Model Certification (CMMC)

DoD contract holders and subcontractors to DoD contracts that interact with Controlled Unclassified Information (CUI) will be required to comply with and assessed to the CMMC or "Cybersecurity Maturity Model Certification". Updated requirements known as CMMC 2.0 are undergoing review through government rulemaking. We do know it is on the way and the time to prepare is now.

Guernsey can perform an official CMMC Assessment

  • As an Authorized C3PAO we can enter into contracts to perform official assessments.
  • There may be incentives for early adoption.
  • Oklahoma Defense Industrial Base (DIB) companies now have a local resource.

Guernsey will prepare your company for CMMC by:

  • Assisting with the implementation of your CMMC program.
  • Aid in the development of a System Security Plan (SSP) and Plans of Action and Milestones (POA&Ms).
  • Designing control activities generated to create auditable artifacts.
  • Help implement controls or recommend best practices to pass CMMC.
  • Serve as part of the company's team and assist during the third-party assessment.

Guernsey is uniquely qualified to help with CMMC compliance:

  • Guernsey is one of the first companies in the country to pass a DoD assessment against CMMC 2.0 controls to become an authorized C3PAO.
  • Guernsey is a DoD contractor and subject to CMMC.
  • Guernsey does not sell managed services, compliance platforms, or software.
  • Guernsey's Subject Matter Experts (SMEs) are certified security and audit professionals.
  • Guernsey is centrally located in the United States.
  • Guernsey is in our 10th decade of business providing services to regulated industries and small to mid-sized organizations.