Aerstone’s CMMC Readiness Assessments prepare Clients for certification by providing insight into the organization’s posture as compared to the CMMC level 1-5 requirements. Our team will deliver your CMMC Readiness assessment report, evidence, and artifacts to be used in future compliance audits.
Want to learn more? Check out this Readiness Assessment video, and then contact us for more information.
Aerstone hosts a monthly free webinar series that walks you through the steps to achieving full DFARS compliance. All DoD contractors and their subcontractors are required to comply with the new DFARS cybersecurity regulations, including a NIST 800-171 compliance audit.
Watch this recording of our free DFARS webinar, and schedule your assessment today!
The Defense Federal Acquisition Regulation Supplement (DFARS) contains a new clause, “Safeguarding Covered Defense Information and Cyber Incident Reporting” (Section 252.204-7012), which requires all DoD prime contractors and subcontractors to implement “adequate security” based on a set of security controls referenced in NIST SP 800-171, and to conduct cyber incident analysis and reporting. The wording of the clause is sufficiently broad as to require compliance by virtually any company doing business with the DoD, across any industry (whether technical or non-technical).
Cybersecurity Maturity Model Certification (CMMC)
The Office of the Under Secretary of Defense for Acquisition, & Sustainment (OUSD(A&S)) developed the CMMC program to build upon 2017 DFARS requirements (Clause 252.204-7012) protecting Covered Unclassified Information (CUI) to provide various maturity levels accommodating small to large DoD contractors within the Defense Industrial Base (DIB). The new certification program also removes the ability for vendors within the supply chain to self-certify and will now require audits and accreditation from a third-party organization. Requirements for CMMC maturity levels will appear in RFIs starting in June 2020, and in RFPs in Fall 2020.
This new model supports five (5) maturity levels ranging from basic cybersecurity (small business) to highly advanced cybersecurity practices.
Aerstone performs CMMC Readiness Assessments for DoD customers looking to prepare themselves for certification. Our Readiness Assessment provide clients with insight into their organization’s security posture as compared to the CMMC requirements at one of the five levels. Clients walk away with a CMMC Security Control Matrix and Readiness Assessment Report to be used in future compliance audits. Aerstone also performs full DFARS controls assessments for clients looking to satisfy that requirement.
Auditors understandably prefer assessment results produced by someone other than the system owners and implementers. Let Aerstone help your organization achieve compliance.
Our Experience Sets Us Apart
Aerstone is an NSA-certified vulnerability assessor, and a service-disabled veteran-owned small business.
We approach each engagement with the highest levels of professionalism, determination, and creativity, honed by years of working with
security professionals across the military, intelligence community, civilian government, and private industry.
Contact our sales team at firstname.lastname@example.org for more information.