Cybersecurity Maturity Model Certification (CMMC)
DoD contract holders and subcontractors to DoD contracts that interact with Controlled Unclassified Information (CUI) will be required to comply with, and will be assessed against, the Cybersecurity Maturity Model Certification (CMMC). Updated requirements known as CMMC 2.0 are undergoing review through government rulemaking. We do know it is on the way, and the time to prepare is now.
Guernsey can perform an official CMMC Assessment
- As an Authorized C3PAO we can enter into contracts to perform official assessments.
- There may be incentives for early adoption.
- Oklahoma Defense Industrial Base (DIB) companies now have a local resource.
Guernsey will prepare your company for CMMC by:
- Assisting with the implementation of your CMMC program.
- Aiding in the development of a System Security Plan (SSP) and Plans of Action and Milestones (POA&Ms).
- Designing control activities that create auditable artifacts.
- Helping implement controls or recommending best practices to pass CMMC.
- Serving as part of the company's team and assisting during the third-party assessment.
Guernsey is uniquely qualified to help with CMMC compliance:
- Guernsey is one of the first companies in the country to pass a DoD assessment against CMMC 2.0 controls to become an authorized C3PAO.
- Guernsey is a DoD contractor and subject to CMMC.
- Guernsey does not sell managed services, compliance platforms, or software.
- Guernsey's Subject Matter Experts (SMEs) are certified security and audit professionals.
- Guernsey is centrally located in the United States.
- Guernsey is in its 10th decade of business providing services to regulated industries and small to mid-sized organizations.
What is CMMC?
To protect American ingenuity and national security information, the DoD developed CMMC 2.0 to dynamically enhance DIB cybersecurity to meet evolving threats and safeguard the information that supports and enables our warfighters.
CMMC 2.0 FAQs
The Office of the Under Secretary of Defense for Acquisition & Sustainment has provided answers to several common questions.
Governance Risk and Compliance (GRC)
Guernsey can help you meet regulatory and compliance obligations by implementing a Governance Risk and Control Program. Depending on regulatory or contractual requirements, organizations may be required to comply with different cybersecurity frameworks or to pass a regulatory review or audit such as CMMC and SOC2.
The Guernsey / HoganTaylor Partnership
Guernsey, the only Oklahoma-based Certified Third-Party Assessment Organization (C3PAO), has partnered with HoganTaylor, one of the largest business advisory and public accounting firms in Oklahoma and Arkansas, to provide Cybersecurity Maturity Model Certification (CMMC) services.
CMMC 2.0 Readiness Tool
Guernsey has created this CMMC Preparation Tool to help you measure your current ability to comply with CMMC. With the results, you will be able to identify your organization's current level of NIST 800-171 and CMMC maturity and identify improvement opportunities. Use this tool to document the required NIST 800-171 assessment.
To schedule time to discuss how Guernsey can help your company with CMMC compliance:
call us at 405.416.8182
Email timothy.fawcett@guernsey.us
or schedule a meeting: Book a Meeting
Contact Us & GSA Schedule 70
Engage Guernsey through Schedule 70.
Organizations that are eligible to purchase through GSA schedules can engage Guernsey through Schedule 70 - Contractor Awarded Unique Entity ID (DUNS): 062275144