As a client of Degree Six you already have the technical level to meet CMMC Level 1 at least. From there we may use our assessment tools, CIO services, and add-ons to get you to the level you decide you need to be. Further, to meet the NIST interim rule we have partnered with the necessary scanning and documentation tools to assist you ensuring compliance with NIST 800-171.
NIST 800-171 is the compliance framework mandatory for all DoD contractors before CMMC. It is a self-certification, as opposed to the CMMC third part certification. CMMC is mostly composed of NIST 800-171 controls. It is still currently required to achieve self-certification for many DoD contractors and log your score into Supplier Performance Risk System (SPRS).
Most DoD contractors that we support will only need a CMMC Level 1 or 3, as the higher levels are mainly reserved for very in-depth contracts handling very sensitive information in-house. As Level 1 is basic cyber security hygiene our clients already meet the requirements outside of documentation. However, we also bring the necessary tools and expertise to accomplish Level 3.
We follow the guidelines of the CMMC-AB and DoD to get ensure your documentation and systems are ready for certification. Level 1 only has 17 practices but Level 3 goes up to 130; both need the artifacts to prove their mitigation. And the intention is to secure Personal Identifiable Information (PII) and Federal Contract Information in Level 1 and transition into securing Controlled Unclassified Information (CUI) by Level 3:
One of the surest ways to decrease the cost of CMMC and NIST while passing certification and generally supporting and protecting your company is with an MSP (Managed Services Provider), like Degree Six.
As IT/Security professionals we focus entirely on your IT support, security, and compliance while you focus on your business.