433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (656) 236-3022

CMMC Solutions

Poseidon is positioned to steer Department of War (DoW) contractors, compliance practitioners, and assessors through the mandatory Cybersecurity Maturity Model Certification (CMMC) compliance framework process. Our solutions includes a blend of products and services designed to help you and/or your clients strengthen their cybersecurity controls throughout the organization and prepare for certification.

Current DoW CMMC Requirements

The Department of War via Office of the Under Secretary of War (OSD) Acquisition & Sustainment has created a new cybersecurity standard and certification requirement for defense contractors called the Cybersecurity Maturity Model Certification (CMMC). It’s sole purpose is to reduce the exfiltration of Controlled Unclassified Information (CUI) from the Defense Industrial Base (DIB) and secure the supply chain through the implementation of FAR 52.240-93, NIST SP 800-171 Rev. 2 (ML1 consists of 17 controls / ML2 consists of 110 controls) / 172 (ML3 consists of +35 Enhanced Requirements), NIST 800-171A, DFARS Clause 7012, DFARS clause 252.204-7997, and DFARS clause 252.204-7021, among other standards.

  • CMMC efforts build upon existing regulation (DFARS 252.204-7012) that is based on trust by adding a verification component with respect to cybersecurity requirements.
  • The goal is for CMMC to be cost-effective and affordable for small businesses to implement at the lower CMMC levels.
  • The intent is a combination of self-assessment and/or certified assessment depending on the level required by the contract and authorizes as it may be a critical independent 3rd party organizations to conduct audits and inform risk.

OSD implements tiered assessment (CMMC) requirements based on the sensitivity of the information shared with a contractor. Upon implementation of CMMC:

  • Contractors who do not handle information deemed critical to national security (Level 1 and a subset of Level 2) will be required to perform annual self-assessments against clearly articulated cybersecurity standards.
  • Contractors managing information critical to national security (a subset of Level 2) will be required to undergo third-party assessments.
  • The highest priority, most critical defense programs (Level 3) will require government-led assessments.

CMMC Maturity Model

DoD Contractors need to determine which CMMC level they want or need to obtain and implement the controls necessary for compliance. Contractors that have already implemented NIST SP 800-171, ISO 9001, ISO/IEC 20000-1 and ISO/IEC 27001, should be 85-90% compliant to the new CMMC requirements.  Additional controls will be provided in NIST 800-172.

DEFEND THE MISSION. SECURE THE CONTRACT. MAINTAIN THE ADVANTAGE.

CMMC Advisory Services for the Defense Industrial Base

The Department of War is raising the cybersecurity bar. Organizations that cannot protect Controlled Unclassified Information (CUI) risk losing access to current contracts, future opportunities, and critical positions within the defense supply chain.

Poseidon Cyber Advisory Services helps aerospace, defense, manufacturing, semiconductor, and satellite organizations build secure CUI environments and achieve CMMC readiness without slowing mission execution.

Mission Requirements Demand Mission-Ready Security

Whether you’re supporting next-generation aircraft, satellite communications, advanced manufacturing, autonomous systems, semiconductors, or national security programs, your cybersecurity program must be capable of defending against today’s threat landscape while meeting tomorrow’s contract requirements.

We help organizations:

  • Protect Controlled Unclassified Information (CUI)
  • Maintain eligibility for DoD contract awards
  • Reduce certification risk and implementation costs
  • Accelerate CMMC readiness
  • Strengthen resilience against nation-state threats
  • Enable growth across defense and government markets

From Business Case to Certification Readiness 

Organizations face challenges streamlining and managing their data center investments, addressing security threats and maintaining resources to ensure systems are responsive to change. Our enterprise-based approach to Data Center Solutions simplifies management of IT assets and operations and enables effective management of business needs with technology investments. Customers trust our ability to provide solutions that offer energy efficiency, automation, virtualization, consolidation and business continuity. Our Data Center Solutions help clients meet the growing demand for IT services while cutting operating costs, addressing power and cooling capacity concerns and handling physical security constraints.

1. Assess the Mission

  • Business Impact Assessments
  • Contract and DFARS Analysis
  • Revenue Protection and ROI Modeling
  • CMMC Investment Justification

4. Sustain the Mission

  • Continuous Compliance
  • Executive Reporting
  • Annual Assessments
  • Ongoing Advisory Support

2. Define the Battlespace

  • CUI Identification
  • Boundary Definition
  • Data Flow Mapping
  • Supply Chain Analysis

5. Prepare for Inspection

  • NIST SP 800-171 Gap Assessments
  • SPRS Scoring
  • POA&M Development
  • Mock Assessments
  • C3PAO Readiness Reviews

3. Build the Enclave

  • Microsoft GCC / GCC High, AWS GovCloud, GCP Federal, Oracle GovCloud
  • Cloud, On-Premises, and Hybrid Architectures
  • Zero Trust Design
  • Security Control Implementation

Built for High-Consequence Environments

  • Aerospace and Defense
  • Space and Satellite Systems
  • Advanced Manufacturing
  • Semiconductor Manufacturing
  • Mission Systems and Autonomy
  • Critical Supply Chain Providers

THE THREAT IS REAL. THE REQUIREMENT IS HERE. THE TIME TO PREPARE IN NOW.

Organizations that invest early reduce certification delays, avoid lost revenue opportunities, and position themselves as trusted partners within the Defense Industrial Base.

Poseidon has certified Registered Practitioners (RPs) and CMMC Certified Professionals (CCPs) with the Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB), are strategically partnered with Registered Provider Organization’s (RPOs) and CMMC Third-Party Assessor Organization (C3PAO). We will deliver CMMC assessments for Organizations Seeking Certifications (OSCs). Look for us in CMMC-ABs Marketplace https://cmmcab.org/marketplace/

Poseidon will assist DoW contractors in preparing for CMMC. Contact us to learn everything you need to know about preparing for the Cybersecurity Maturity Model Certification (CMMC), which is mandatory for DoD contractors.

SECURE THE MISSION. PROTECT THE SUPPLY CHAIN. ENABLE THE WARFIGHTER.