CMMC (Cybersecurity Maturity Model Certification) is a unifying standard for the implementation of cybersecurity across the Defense Industrial Base (DIB). CMMC is designed to provide increased assurance to the Department of Defense (DoD) that a DIB organization can adequately protect sensitive unclassified information, accounting for information flow down to subcontractors in a multi-tier supply chain. The CMMC framework includes a comprehensive and scalable certification element to verify the implementation of processes and practices associated with the achievement of a cybersecurity maturity level. This certification process is intended to serve as a verification mechanism to ensure that DIB companies implement appropriate cybersecurity practices and processes to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within their unclassified networks.
CMMC is comprised of 5 levels, starting with basic cyber hygiene that enables safeguarding of FCI and progressing up to safeguarding of CUI using advanced/progressive cybersecurity controls and techniques that protect against advanced persistent threats (APTs).
CMMC Consulting and Implementation Services
As a CMMC Registered Practitioner Organization (RPO), iPower provides consulting and implementation support to organizations seeking to implement CMMC standards and prepare for a CMMC assessment. We have a matrixed team of CMMC Registered Practitioners (RPs) with expertise in CMMC requirements that can be brought to bear to help your organization succeed in your CMMC initiative.
iPower’s experienced CMMC RPs and subject matter experts (SMEs) provide the full range of consulting and support services including, but not limited to, the following:
Helping to defining the scope and objectives of the CMMC initiative
Conducting gap analyses to gauge your current level of compliance
Highlighting strengths, weaknesses, and opportunities for improvement
Developing corrective action plans
Providing hands-on coaching and mentoring support and facilitated work sessions, in a one-on-one setting or in small working groups
Developing or reviewing process assets (e.g., security policies, security plans, etc.)
Helping to prepare for official CMMC assessments
Planning, tracking, reporting, and managing the CMMC implementation effort with Project Management Institute project management best practices
CMMC Assessment Services
As a Candidate CMMC Third-Party Assessment Organization (C3PAO), iPower will lead official CMMC assessments as part of the certification process. iPower’s CEO and President, Deborah Hunt, is a Provisional CMMC Lead Assessor.
During each assessment, our team will review tangible artifacts and conduct interviews to evaluate compliance with applicable CMMC requirements. Following completion of the assessment, iPower will provide an assessment report noting any findings and deficiencies and will report the results to the CMMC Accreditation Body (CMMC-AB) for review and approval.