Cybersecurity Maturity Model Certification Advisory Services

The U.S. Department of Defense (DoD) is committed to protecting its data and information systems and preventing cyber threats at every level. Integral to this effort is ensuring that the businesses and suppliers competing for DoD contracts have achieved certain levels of effectiveness in their own internal cybersecurity programs – so that the voluminous and often highly-sensitive data to which they have access is secure. The accreditation the DoD now requires, Cybersecurity Maturity Model Certification (CMMC), affirms the level of “maturity,” or effectiveness, of a prime or subcontractor’s cybersecurity safeguards.

Defense contractors and suppliers count on us to secure mandated cybersecurity certification and enhance their DoD competitiveness.

Meet Our Professionals

Thomas J. DeMayo

Partner, PKF O’Connor Davies Advisory LLC

Nick DeLena

Partner, PKF O’Connor Davies Advisory LLC

Complex Accreditation Attainment

To achieve the appropriate level of CMMC certification, every organization within the DoD contractor community must now engage an independent third-party entity that has been formally approved by the CMMC Accreditation Body, which manages the accreditation process. As the assessment includes evaluating existing security protocols, addressing gaps and implementing solutions, it can be complicated and time-consuming.

Cybersecurity and Digital Forensics Expertise

Selecting knowledgeable specialists is a sound first step. Cybersecurity acumen is essential and our decade-long experience has proven irreplaceable. Our professionals evaluate the full range of technology platforms and engineer customized solutions to protect system, network and data resources. Adopting a pragmatic approach, they leverage existing resources to correct safety shortcomings and are committed to producing clear and logical findings that are readily understood. In more challenging situations, they tailor specific remedies to protect multi-faceted systems and environments characterized by sizeable amounts of confidential, financial, health and other personal data.

In addition, our deep experience in this arena qualifies our specialists to identify supply chain entities also subject to CMMC requirements and help these companies prepare for and obtain certification, as well. Our professionals help:

• Safeguard Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).
  
  
• Avoid forfeiting current or pending DoD contracts, recently-won bids and renewals.
  
  
• Strengthen positioning in contract competitions.
  
  
• Prevent reputational damage associated with compliance failure.
  
  
• Minimize subcontractor oversight and risk.
  
  
• Preserve internal staff time, labor and financial resources.
  
  
• Eliminate unexpected noncompliance issues.

Comprehensive Service and Solutions

To help businesses reach the optimal maturity level, our specialists provide contractors and subcontractors assistance in the following key areas which are available as an entire program or individually on an as-needed basis:

• Assessment
  To identify security gaps that must be addressed to achieve certification at the appropriate level, we undertake a thorough cybersecurity audit. This includes a complete review of all DoD contracts, subcontracts, bids and agreements in which an organization is engaged and of all internal platforms and systems that collect, save and use FCI and CUI.
  
  
• Remediation
  Once we’ve identified problematic issues, we launch a remediation program to identify optimal solutions, customize and implement necessary security improvements. Subsequent testing of new protocols affirms both adequate protection and effective processes.
  
  
• Documentation
  Accurate documentation is critical to verifying cybersecurity program efficacy, which is why clients rely on our in-depth reporting on all data protection policies and controls required for the certification level being sought. Our specialists gather, review and prepare all necessary paperwork in preparation for certification application.
  
  
• Supply Chain Certification
  To reduce the risk of supply chain noncompliance, we help identify activities requiring stronger controls for vendors, subcontractors and other entities that are part of the organization’s DoD project fulfillment. Addressing potential issues proactively is vital to improving security and attaining certification.
  
  

For specific CMMC Accreditation Body program details and applications, click here.