• Services
    • SOC Reporting Services
      • SOC 2® Readiness Assessment
      • SOC 2® Reports
      • SOC 3® Reports
      • SOC for Cybersecurity® Reports
    • IT Advisory Services
      • IT Vulnerability Assessment
      • Penetration Testing
      • Privileged Access Management
      • Social Engineering – End User Security Training
      • Virtual CISO (vCISO)
      • Written Information Security Program (“WISP”)
      • IT General Controls Review
      • SHIELD for Small & Medium Business
    • IT Government Compliance
      • CMMC
      • DFARS Compliance
      • FTC Safeguards Virtual CISO
  • Industries
    • Financial Services
    • Government
    • Enterprise
    • Auto Dealerships
  • Blog
  • About Us
    • Meet The Team
    • Jobs
  • Contact Us

Call us today! 844-OCD-TECH

Find our Location
OCD TechOCD Tech
  • Services
    • SOC Reporting Services
      • SOC 2® Readiness Assessment
      • SOC 2® Reports
      • SOC 3® Reports
      • SOC for Cybersecurity® Reports
    • IT Advisory Services
      • IT Vulnerability Assessment
      • Penetration Testing
      • Privileged Access Management
      • Social Engineering – End User Security Training
      • Virtual CISO (vCISO)
      • Written Information Security Program (“WISP”)
      • IT General Controls Review
      • SHIELD for Small & Medium Business
    • IT Government Compliance
      • CMMC
      • DFARS Compliance
      • FTC Safeguards Virtual CISO
  • Industries
    • Financial Services
    • Government
    • Enterprise
    • Auto Dealerships
  • Blog
  • About Us
    • Meet The Team
    • Jobs
  • Contact Us

CMMC

Home CMMC

Cybersecurity Maturity Model Certification (CMMC)

What Is CMMC?

The Cybersecurity Maturity Model Certification (CMMC) program enhances cyber protection standards for companies in the DIB. It is designed to protect sensitive unclassified information that is shared by the Department with its contractors and subcontractors. The program incorporates a set of cybersecurity requirements into acquisition programs and provides the Department increased assurance that contractors and subcontractors are meeting these requirements.

CMMC-Framework-features
 Tiered Model

CMMC requires that companies entrusted with national security information implement
cybersecurity standards at progressively advanced levels, depending on the type and sensitivity of the
information. The program also sets forward the process for information flow down to subcontractors.

Assessment Requirement

CMMC assessments allow the Department to verify the implementation of
clear cybersecurity standards

 Implementation through Contracts

Once CMMC is fully implemented, certain DoD contractors that
handle sensitive unclassified DoD information will be required to achieve a particular CMMC level as a
condition of contract award.

Cybersecurity is a Top Priority for the Department of Defense

The Defense Industrial Base (DIB) is the target of increasingly frequent and complex cyberattacks. To protect
American ingenuity and national security information, the DoD developed CMMC 2.0 to dynamically enhance
DIB cybersecurity to meet evolving threats and safeguard the information that supports and enables our
warfighters.

CMMC 2.0

In November 2021, the Department announced “CMMC 2.0,” an updated program structure and requirements designed to achieve the primary goals of the internal review:

Goals of CMMC 2.0

Establishes three progressively sophisticated levels, depending on the type of information:

  • Level 1 (Foundational) – for companies with FCI only; information re—quires protection but is not critical to national security
  • Level 2 (Advanced) — for companies with CUI
  • Level 3 (Expert) — for the highest priority programs with CUI
cmmc2.0-levels

Why OCD Tech?

The Government Compliance Services Team at OCD Tech is committed to assisting all members of the Defense
Industrial Base (DIB), large or small, as well as other executive agencies such as the Department of Energy, NASA, Department of Education, and the Department of State with their many IT compliance needs.

Since the inception of the DFARS 252.204-7012 clause and the self-attestation requirement associated with NIST 800-171, OCD Tech has been there to help clients fulfill their contractual obligations. Now, with CMMC, our firm continues to leverage our expertise in the defense space to aid organizations in the DIB with this new framework.  Let us help you!

Contact Us

Find us on

Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Send Message
OCD Tech logo Audit. Security. Assurance.

IT Audit | Cybersecurity | IT Assurance | IT Security Consultants – OCD Tech is a technology consulting firm serving the IT security and consulting needs of businesses in Boston (MA), Braintree (MA) and across New England. We primarily serve Fortune 500 companies including auto dealers, financial institutions, higher education, government contractors, and not-for-profit organizations with SOC 2 reporting, CMMC readiness, IT Security Audits, Penetration Testing and Vulnerability Assessments. We also provide dark web monitoring, DFARS compliance, and IT general controls review.

Contact Info

  • OCD Tech
  • 25 BHOP, Suite 407, Braintree MA, 02184
  • 844-623-8324
  • https://ocd-tech.com

Follow Us

Videos

Check Out the Latest Videos From OCD Tech!

Services

SOC Reporting Services
– SOC 2 ® Readiness Assessment
– SOC 2 ®
– SOC 3 ®
– SOC for Cybersecurity ®

IT Advisory Services
– IT Vulnerability Assessment
– Penetration Testing
– Privileged Access Management
– Social Engineering
– WISP
– General IT Controls Review

IT Government Compliance Services
– CMMC
– DFARS Compliance
– FTC Safeguards vCISO

Industries

  • Financial Services
  • Government
  • Enterprise
  • Auto Dealerships

© 2024 — OCD Tech: IT Audit - Cybersecurity - IT Assurance

  • OCD Tech
  • About Us
  • Contact Us