Cybersecurity Maturity Model Certification (CMMC)
Prepare and understand how the DoD’s new Cybersecurity Model impacts your business
CMMC Registered Provider Organization
Site2 is a Registered Provider Organization authorized by the CMMC Accreditation Body (CMMC-AB) to provide consulting services to DoD contractors and Organizations Seeking Certification (OSCs). We have Registered Practitioners (RPs) on staff to assist and guide you as you prepare for a CMMC audit.
Overview
The Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 established the National Institute of Standards and Technology’s Special Publication 800-171 Rev. 2 (NIST 800-171) as the principal security standard for protecting both Controlled Unclassified Information (CUI) and Covered Defense Information (CDI) associated with Department of Defense (DoD) related contracts.
The Cybersecurity Maturity Model Certification (CMMC) builds upon the existing DFARS 252.204-7012 regulation. CMMC adds a verification component. The goal is for CMMC to be cost-effective and affordable for small businesses to implement at the lower CMMC levels. Site2 helps make that a reality.
- Applies to all contractors supporting the Defense Industrial Base (DIB)
- Learn how Site2 can assist with the process controls and practices
- Comply before your audit
Site2 has CMMC Registered Practitioners to guide you through the implementation process.
- Gap Analysis & Basic Self-Assessments
- Plan of Actions and Milestones (POAM)
- System Security Plan (SSP)
- Policies and Processes
Cyberconverged Storage — meets 19 of the 110 NIST 800-171 controls
- Secures CUI files
- Audit Logging
- Access Control
- SIEM integration
CMMC Consultation
Start by scheduling a consultation with one of our CMMC Registered Practitioners to get expert advice based on your unique needs. We can help cut through the confusion of NIST and CMMC to figure out the next steps for your business.
NIST Assessment | SPRS
As of November 30, 2020, all government contractors who sell into the DoD must be fully DFARS and NIST compliant. Get NIST certified quickly and submit your score to SPRS so you don’t miss out on new contracts!
System Security Plan
Do you have an SSP in place? Does it need updating? The SSP should accurately reflect your actual implementation of the controls or practices. A current and valid SSP is a critical requirement that can’t be overlooked for your audit.
Plan of Action & Milestones (POAM)
You are required to document how you plan to correct deficiencies and reduce or eliminate vulnerabilities in your system. The POAM will expose how many of the 110 security requirements will need to be fully implemented.
Remediation & Implementation
Executing your POAM and achieving full compliance is a full-time effort. However, completing the POAM and implementing your remediation plan will ensure compliance with NIST and ensure you are prepared for CMMC.
Maintaining Compliance
Often overlooked, maintaining compliance with DoD security standards can be a complex undertaking, and requires a documented plan and structured daily activities. We’ll help you determine the resources you’ll need to properly maintain compliance.
Schedule a call with our experts.
Clarks Summit Office
200 Abington Executive Park
Suite 207
Clarks Summit, PA 18411
570-558-5660