Cybersecurity Maturity Model Certification

Assessment, Certification, and Management Services

The U.S. federal government requires contractors to safeguard its Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) in accordance with regulations and standards that are already in place. However, guidance on the applicability and implementation of these requirements, and on compliance with them, has been difficult for many businesses to digest and act on. Many defense contractors continue to operate with non-compliant and vulnerable information systems.
To address these cybersecurity risks and standardize preparedness, the United States Department of Defense (DoD) introduced the CMMC framework. Organizations that conduct business with the DoD will be required to achieve CMMC certification prior to receiving contract awards and will need to obtain that certification from an accredited CMMC Third-Party Assessment Organization (C3PAO). The C3PAO will conduct an independent audit and inform risk. The DoD began releasing Requests for Information (RFIs) containing CMMC requirements in early 2021, with plans to implement CMMC requirements for all active DoD contract awards by early 2026.
BDO works with government contractors of all sizes, across the country, and in a wide range of industries. Our dedicated team can help clients achieve their CMMC goals in a variety of ways, including:

  • Planning: identification of FCI and CUI within your environment; determination of specific certification needs.
  • Readiness: determination of target certification level and identification of deficiencies; may also include a review of supply chain management.
  • Remediation: ensuring processes are conducted and documented in a manner that provides supporting evidence during the certification assessment.
  • Ongoing Program Management: supporting cybersecurity governance and oversight, including continuous monitoring of operating effectiveness, threats, and the regulatory environment.

Our highly credentialed and experienced team includes CMMC-AB Certified Registered Practitioners (RP) on staff who provide CMMC and NIST 800-171 framework guidance, assessment, policy creation, and full-scope cyber architecture consulting. This work narrows the scope of your assessment so that it is manageable, efficient, and cost-effective to implement. We continuously monitor program developments and updates as the CMMC Accreditation Body makes them available.