There’s a change happening rapidly in the Defense Industrial Base (DIB), which will have an impact on every company that aspires to do business with the federal government. It’s called Cybersecurity Maturity Model Certification or CMMC, and whether you’re a large billion-dollar prime contractor or a single-scope small budget subcontractor, CMMC will have an impact on the way you conduct business.

The premise of CMMC is simple: The Department of Defense (DoD) will hold information security as foundational to acquisition — on par with cost, schedule, and performance — when awarding contracts. The new requirement builds upon existing Defense Federal Acquisition Regulation Supplement (DFARS) regulations by adding a verification factor to contractor cybersecurity controls and enhancing the protection of controlled unclassified information (CUI) within the supply chain. Alluvionic CMMC Capabilities

With both large and small organizations facing a new regulatory reality of assessment for CMMC compliance by independent, sanctioned third-party auditors, Alluvionic® is ready to establish partnerships to meet these challenges and help reach any desired CMMC maturity goals. Alluvionic® provides Project Assurance™ by combining technical project management with organizational change management and risk management to assure the delivery of successful CMMC projects.

Alluvionic’s full spectrum of CMMC services includes:

  • Advisory: Are you unsure whether CMMC applies to your organization? Have you received a compliance request from the DoD or your prime contract holder? Are you wondering how your current NIST 800-171 or DFARS 252.204-7012 capabilities transfer to the CMMC practices and processes? Alluvionic’s team of experts, acting as an objective third party, can help you answer these questions and interpret the impact of CMMC to your environment. We can also perform a gap analysis on your environment/organization to help devise a roadmap to your desired CMMC maturity level.
  • Remediation: (run it like a project) We offer a suite of remediation services dedicated to helping you meet or exceed your desired CMMC maturity level. These services include developing security documents, resolving threat and vulnerability assessment findings, managing organizational change, and assessing technology.
  • Attestation: CMMC assessment services are expected to become available in the final quarter of 2020. Once certified C3PAOs become available, we will support organizations that are ready for final assessment and certification.