CMMC Version 2 Registered Practitioner (RP) Services

What is CMMC?

The Cybersecurity Maturity Model Certification (CMMC) program is aligned with the U.S. Department of Defense’s (DoD) information security requirements. It protects sensitive unclassified information that the Department shares with its contractors and subcontractors. The program assures the Department that contractors and subcontractors are meeting the cybersecurity requirements that apply to acquisition programs and systems that process controlled unclassified information.*

Reference: https://dodcio.defense.gov/CMMC/About/ 

Do you want to support the U.S. Department of Defense Supply Chain (Defense Industrial Base)? Your organization must be certified at CMMC Level 1 and possibly Level 2. NIST SP 800-171 is the basis of CMMC. Our experts and process will guide you.

Our CMMC Registered Practitioner services follow a four-phase process to prepare you for a formal assessment.

The Servadus Approach to CMMC

Level 1 Activities

  • help determine which of the 15 practices are Met or Not Applicable,
  • prepare a plan for practices that were Not Met,
  • track implementations of Not Met practices, and
  • complete a final validation to support a self-certification.

Level 2 Activities

  • help determine the CMMC Assessment Scope to map assets into one of the following five categories:
    • CUI Assets,
    • Security Protection Assets,
    • Contractor Risk Managed Assets,
    • Specialized Assets, and
    • Out-of-Scope Assets.
  • help determine which of the 100 practices are Met or Not Applicable,
  • prepare a plan for practices that were Not Met,
  • track implementations of Not Met practices,
  • give unbiased feedback on solutions that satisfy outstanding requirements,
  • prepare for a C3PAO Audit by performing an audit readiness assessment, and
  • plan the selection of the C3PAO and the assessors/assessment teams responsible for conducting the assessments.