CMMC Version 2 Registered Practitioner (RP) Services
What is CMMC?
The Cybersecurity Maturity Model Certification (CMMC) program aligns with the U.S. Department of Defense’s (DoD) information security requirements. The certifications help companies protect sensitive unclassified information that the Department shares with its contractors and subcontractors. The program assures the Department that contractors and subcontractors meet the cybersecurity requirements that apply to acquisition programs and systems that process controlled unclassified information.*
Reference: https://dodcio.defense.gov/CMMC/About/
Do you want to support the U.S. Department of Defense Supply Chain (Defense Industrial Base)? Your organization must be Level 1 and possibly Level 2 Cybersecurity Maturity Model Certified. NIST SP 800-171 is the basis of CMMC. Our experts and process will guide you.
Our CMMC Registered Practitioner services are a four-phase process to prepare for a formal assessment.
The Servadus Approach to CMMC
Level 1 Activities
- help determine which of the 15 practices are Met or Not Applicable,
- prepares a plan for practices that were Not Met,
- track implementations of Not Met practices, and
- complete a final validation to support a self-certification.
Level 2 Activities
- help determine CMMC Assessment Scope to map assets into one of the following five categories:
- CUI Assets,
- Security Protection Assets,
- Contractor Risk Managed Assets,
- Specialized Assets, and
- Out-of-Scope Assets.
- help determine which of the 100 practices are Met or Not Applicable,
- prepares a plan for practices that were Not Met,
- track implementations of Not Met practices,
- give unbiased feedback on solutions that satisfy outstanding requirements,
- prepare for a C3PAO Audit by performing an audit readiness assessment,
- planning the selection of the C3PAO and assessors/assessment teams responsible for conducting the assessments.
Need support with an assessment? Visit our assessment page or online store.