DoD Contractors Guide to CMMC Compliance

Read our new eBook to learn how the new DoD Cybersecurity Maturity Model Certification (CMMC) requirement impacts DoD contractors.

The road to CMMC compliance may seem long and difficult, but this guide makes it much less daunting by explaining each and every step contractors need to take in order to prepare for it, achieve it, and maintain it. 

eBook Topics Include:

  1. What is CMMC?
  2. What are the CMMC Certification Levels?
  3. What is the difference between FCI and CUI?
  4. What is the difference between 800-171 and CMMC?
  5. What do contractors need to know about FAR and DFARS?
  6. CMMC Accreditation Body and Ecosystem
  7. How to prepare for a CMMC audit?
  8. What does a CMMC audit involve?
  9. How to ensure ongoing compliance?


    In this eBook you will learn the following about CMMC:

    • CMMC overview
    • Who CMMC applies to and requirements
    • How it impacts defense contractors   
    • CMMC audit preparation and process
    • Certification process and ongoing compliance

    “The new CMMC framework is taking the defense industry by storm and there is a lot of confusion about what it involves and who it applies to. Our goal is to try to simplify all of the information on CMMC into a clear and consolidated guide for DoD contractors.”

    Payam Pourkhomami
    President & CEO
    OSIbeyond

    Excerpt From CMMC eBook

    The Cybersecurity Maturity Model Certification is a new requirement for DoD contractors and subcontractors. It brings together a number of older cybersecurity requirements to better protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). 

    There are two major differences between the CMMC and older cybersecurity requirements: 

    • First, contractors will be audited by third-party assessors (the so-called Certified 3rd Party Assessment Organizations, or C3PAOs for short). Based on the requested audit level, the C3PAO will determine if the contractor passes or fails the audit. In other words, the CMMC will not contain any self-attestation component, although contractors are encouraged to complete a self-assessment prior to scheduling a CMMC certification.
    • Second, the CMMC defines five certification levels as a more flexible alternative to previous one-size-fits-all approaches. It’s up to contractors to pass an audit at the level specified in Requests For Information (RFIs) and Requests for Proposals (RFPs).

    Without cybersecurity policies outlining how to keep threats at bay and clearly stating what needs to be done when they do occur, small and medium-sized organizations are at a huge disadvantage in today’s world, where costly breaches and cyber-attacks are the new normal.

    The first full version of the CMMC was published on the website of the Office of the Under Secretary of Defense for Acquisition & Sustainment in January 2020, and all DoD contractors should expect to start seeing CMMC requirements as part of the RFP process from September 2020.  

    Eventually, all DoD contractors and subcontractors that handle FCI and CUI will be required to obtain a CMMC certificate. Only contractors that provide commercial-off-the-shelf products and don’t handle any CUI won’t be required to achieve one of the five levels of certification. 

    OSIbeyond has conducted extensive research and analysis of information from the Department of Defense and the CMMC Accreditation Body.  
