Contractors are facing a lot of uncertainty, bottlenecks, and pressures from the new CMMC (Cybersecurity Maturity Model Certification) standards. Currently set to be coming into force in early Q4 of this year at the latest, these regulations are set to shake up how security standards are defined and assessed across the whole defense supply chain.
This case study tells the journey of one of our clients towards a CMMC-compliant business in one smooth, guided process.
The Client
Our client is a security services firm with a team of employees and an ecosystem of subcontractors working with them, providing a range of services, including expert witness services, crisis management, security details, and risk analysis solutions.
The Background: Navigating New CMMC Requirements
As a player in the defense supply chain, the firm faced uncertainty about the required CMMC level that they would need to meet as part of their defense supply chain contracts. They needed to ensure they were completely compliant, and ensure that if needed, compliant solutions were in place for any contract data being stored on a NAS device, as well as that more broadly all of their Federal Contact Information (FCI) data was being processed to meet at least CMMC level 1 standards.
Our approach focused on guiding our client to see what level they would need to meet, mapping the gaps between their relevant IT systems and CMMC level 1’s requirements, and then filling those gaps and supporting the certification self-assessment process from start to finish.
Infinity Technologies’ Approach
We started by holding an initial consultation with our clients to guide them through the requirements and how their currently mandated data, such as Federal Contact Information, mapped out to level 1 requirements across their IT, and we determined that CMMC level 1 was the appropriate level for their organization using a questionnaire assessment.
From there, we undertook an in-depth assessment of their IT environment, firstly deploying a comprehensive CAS solution to see how their IT environment was meeting CMMC level 1 requirements or potentially holding data that would require a level 2 CMMC certification.
Alongside this, we undertook in-depth reviews of the policies, processes, and security measures they had in place using helpful templates to assist with creating these policies efficiently. All together, these helped us verify the information given to us in the consultation and self-questionnaire phase and precisely map out where improvements are needed to attest compliance and ensure certification.
We then acted to swiftly and securely ensure CMMC level 1 compliance, first drafting and implementing the policies, processes, and technical defenses needed. We vigorously tested the new policies and defenses to ensure that they worked in real-world scenarios.
We also prepared our client for ongoing compliance by establishing processes for regular security reviews and updates, including the importance of watching out for changes within their contracts and the CMMC cybersecurity standards framework, so they could stay ahead of them. Showcasing the impact of the measures, the client also enjoyed a marked improvement in their SPRS score.
Outcomes and Benefits
Through our partnership, our client was able to align their IT environment with CMMC level 1 standards without any problems, enjoyed a measurably improved security posture, and used our diverse solution stack to find the most cost-effective approach to getting compliantly secure. They had much more peace of mind that their CMMC level 1 compliance was in safe harbor, and so too was their place in the supply chain.
Conclusion
Navigating the new CMMC cybersecurity standards can be complicated and daunting, but it doesn’t have to be! It just takes the right technology partner by your side. If you’re looking to gain clarity, ensure a smooth process, and focus on what matters, Infinity Technologies could be the right partner for your business. We’ll tailor the process to you, help you find right-sized solutions, and ensure it is done as cost-effectively as possible, being your partner and guide through the whole process.
Ready to drop the uncertainty and get ready to meet CMMC requirements? Give our team a call and we’ll be glad to support you.
