Cybersecurity Maturity Model Certification (CMMC)

Assessment, Certification, and Management Services

The U.S. federal government requires contractors to safeguard its data – in accordance with regulations and standards that are already in place. However, guidance on the applicability and implementation of these requirements, and on compliance with them, has been inconsistent (at best!). Many contractors continue to operate with non-compliant and vulnerable information systems.
 
To address these cybersecurity risks, the DoD has introduced the CMMC framework. Beginning in 2020, all contractors and subcontractors must be certified by a Certified 3rd Party Assessment Organization (C3PAO).
 
BDO works with government contractors of all sizes, across the country, and in a wide range of industries. Our dedicated team can help clients achieve their CMMC goals in a variety of ways, including:

  • Planning: identification of Federal Contract Information and Controlled Unclassified Information within your environment; determination of specific certification needs.
  • Readiness: determination of target certification level and identification of deficiencies; may also include a review of supply chain management.
  • Remediation: ensuring processes are conducted and documented in a manner that provides supporting evidence during the certification assessment.
  • Certification: performing the verification procedures necessary for achieving the desired CMMC certification level, which must be conducted by an independent and accredited C3PAO.
  • Ongoing Program Management: supporting cybersecurity governance and oversight, including continuous monitoring of operating effectiveness, threats, and the regulatory environment.

 
As of March 2020, the accreditation process has not yet been defined, and no C3PAOs exist. BDO plans to become a C3PAO, and we are continuously monitoring program developments and updates as they are made available by the Accreditation Body.