Becoming compliant with the Cybersecurity Maturity Model Certification (CMMC)
Tim Fawcett, Guernsey's Director of Cybersecurity was selected and trained to be one of 75 Level 1-3 CMMC provisional assessors. As a provisional assessor, Tim will perform assessments, and provide feedback for defining and improving the CMMC assessment process. All DoD contract holders and subcontractors to DoD contracts will be required to comply with the CMMC or "Cybersecurity Maturity Model Certification." Many of the details related to CMMC have yet to be determined, but the time to prepare is now.
Guernsey can help you prepare for CMMC by helping you with:
- Performing a pre-assessment for CMMC.
- Helping you develop an SSP and POA&M.
- Design control activities that that are designed to create auditable artifacts.
- Help implement controls or recommend best practices to pass CMMC.
Guernsey is uniquely qualified to help with CMMC compliance:
- Guernsey is a DoD contractor and subject to CMMC.
- Guernsey does not sell managed services, compliance platforms, or software.
- We are certified security professionals.
- We are centrally located.
- We have been in business for over 92 years providing services to regulated industries and small to mid-sized organizations.
Make sure your CMMC assessment is being conducted by a trained assessor. If you maintain contracts with the DoD let Guernsey help you get started. Complete the free self-assessment gap report on our website.
The CMMC Final Rule has been published, and it will be effective on 12/16/2024.
Guernsey is the only Oklahoma based company to have achieved the Certified Third-Party Assessment Organization (C3PAO) status, which authorizes the firm to provide CMMC assessments, or “audits,” for clients seeking certification to meet their contractual obligations.
To schedule your company's C3PAO assessment, contact Timothy Fawcett, CISSP, Vice President Director of Cybersecurity Consulting, at Timothy.fawcett@guernsey.us or (405) 416-8182.