433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | [email protected] | Office: (656) 236-3022

CMMC Solutions

Poseidon is positioned to steer Department of Defense (DoD) contractors, compliance practitioners, and assessors through the mandatory Cybersecurity Maturity Model Certification (CMMC) compliance framework process. Our solutions include a blend of products and services designed to help you and/or your clients strengthen cybersecurity controls throughout the organization and prepare for certification.

Current DoD CMMC 2.0 Requirements

The Department of Defense, via the Office of the Under Secretary of Defense (OSD) Acquisition & Sustainment, has created a new cybersecurity standard and certification requirement for defense contractors called the Cybersecurity Maturity Model Certification (CMMC). Its sole purpose is to reduce the exfiltration of Controlled Unclassified Information (CUI) from the Defense Industrial Base (DIB) and secure the supply chain through the implementation of 48 CFR 52.204-21, NIST SP 800-171, NIST 800-172, and DFARS Clause 7012, among other standards.

  • CMMC efforts build upon existing regulation (DFARS 252.204-7012) that is based on trust by adding a verification component with respect to cybersecurity requirements.
  • The goal is for CMMC to be cost-effective and affordable for small businesses to implement at the lower CMMC levels.
  • The intent is a combination of self-assessment and/or certified assessment, depending on the level required by the contract, and CMMC authorizes independent third-party organizations to conduct audits and inform risk where that is critical.

OSD implements tiered assessment (CMMC 2.0) requirements based on the sensitivity of the information shared with a contractor. Upon implementation of CMMC 2.0:
  • Contractors who do not handle information deemed critical to national security (Level 1 and a subset of Level 2) will be required to perform annual self-assessments against clearly articulated cybersecurity standards.
  • Contractors managing information critical to national security (a subset of Level 2) will be required to undergo third-party assessments.
  • The highest priority, most critical defense programs (Level 3) will require government-led assessments.

CMMC 2.0 Maturity Model

DoD contractors need to determine which CMMC level they want or need to obtain and implement the controls necessary for compliance. Contractors that have already implemented NIST SP 800-171, ISO 9001, ISO/IEC 20000-1 and ISO/IEC 27001 should be 85-90% compliant with the new CMMC requirements. Additional controls will be provided in NIST 800-172.

CMMC Analysis, Implementation/Configuration, and Assessment Services

Poseidon has Registered Practitioners and Provisional Assessors certified with the Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB), is strategically partnered with Registered Provider Organizations (RPOs) and a CMMC Third-Party Assessor Organization (C3PAO), and is applying for a C3PAO certification. We will deliver CMMC assessments for Organizations Seeking Certification (OSCs). Look for us in the CMMC-AB's Marketplace: https://cmmcab.org/marketplace/

Poseidon will assist DoD contractors in preparing for CMMC. Contact us to learn everything you need to know about preparing for the Cybersecurity Maturity Model Certification (CMMC), which is mandatory for DoD contractors.

See CMMC videos featuring our CEO on our Events page: https://poseidon-us.com/events