CMMC Levels 1 & 2 Compliance Services
Solution Development for Total Compliance.
CPI Systems offers a complete array of services to make it easy to bring your small or mid-sized business into CMMC Level 1 or Level 2 compliance. As with all government work, there are many processes that need to be followed, and documentation is required to demonstrate what actions are taking place for compliance. Below are the needed moving parts of a certification. CPI Systems can assist with one or all of the needed actions below for CMMC Certification.
Services Included:
Gap Analysis
Gap analysis outlines the steps needed to build a bridge from where you are to where you need to be. CPI Systems will look at what you already have in place to serve as a foundation for CMMC certification and what you need to acquire to obtain and maintain CMMC Certification. With 110 practices and 320 Assessment Objectives, there is a lot to examine. This will serve as a basis for the Plan of Action and Milestones (POA&M).
System Security Plan (SSP)
As part of the CMMC Certification, you will be required to have a System Security Plan (SSP) in place. This plan is part of ensuring compliance with the DoD Defense Federal Acquisition Regulation Supplement (DFARS). The SSP outlines how an organization implements its security requirements and details the standards and guidelines followed by an organization.
Plan of Action/Milestones (POA&M)
Your NIST 800-171 Assessment & Score will result in your gap analysis and POA&M. In order to achieve CMMC Certification, you will be required to successfully complete all actions from your Plan of Action & Milestones (POA&M). Closing out these action items will require administrative (policies/procedures) and technical support with leadership commitment. We deliver a clear roadmap based on your Gap Analysis, POA&M and SSP. Every organization will have a unique POA&M which will outline security risks along with the actions and resources needed to mitigate those risks in compliance with NIST 800-171. While this is a requirement from the American Government, it is useful as a business tool to help outline the costs associated with continuing to do business with the DoD.
100% Documentation
Doing business with the Government is doing business in details, and every one of them needs to be documented. CPI Systems will help keep the red tape exactly where it needs to be. CPI Systems has developed a simple one-document approach which can be easily maintained by you or CPI Systems if you choose. This one document is comprehensive and includes all:
- Policies – What mandatory rules your company has in place to protect DoD-related work.
- Practices – What work-based actions are being done to fulfill the policies.
- Objective Evidence – What evidence shows you are actually doing the practices set forth per policy.
Information System Configuration
All computer assets, including hardware, software, firmware, and basically anything IT related in your company, need to be configured with DoD contracts in mind. Your digital platform and related controls should be set up in a way that is deemed secure for Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). CPI Systems will assist you in determining the system configuration changes needed to obtain and maintain CMMC Compliance.
Total & Integrated Compliance Development (50 – 80 hours)
Many organizations also need to be CMMC certified while maintaining ISO Certification(s). The ISO standards which commonly intersect with CMMC are ISO 9001 – AS9100, and ISO 13485 – ISO 27001, as well as ISO 17020 for CMMC 3rd Party Assessor Organizations. If your business needs both ISO and CMMC, CPI Systems offers Integrated Compliance Management, which includes:
- Simplified System Documentation – One simplified policy and procedures document to meet selected ISO standards requirements, with Master Operations Workbook for Required Records Consolidation.
- Corrective Action system development & documentation (CARS records)
- Complete Internal Audit – Audits all system processes including document revisions to match actual practices, with Internal Audit Report.
- Complete Management Review – Includes Management Review Report
- System Overview Training – Delivered online for all employees.
- Final system revisions and facilitation of ISO Certification process through certification.
- Integration of multiple ISO standards into one simplified Business Management System.