
CMMC Compliance: NIST 800-171


Cybersecurity Maturity Model Certification (CMMC)

The Cybersecurity Maturity Model Certification or CMMC provides a standard set of controls for the implementation of cybersecurity across the US Government and Defense Industrial Base (DIB). The CMMC framework includes a comprehensive and scalable certification element to verify the implementation of processes and practices associated with the achievement of a cybersecurity maturity level. CMMC is designed to provide increased assurance to the Department of Defense that a DIB company can adequately protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI), accounting for information flow down to subcontractors in a multi-tier supply chain.

DoD contractors must show compliance with CMMC to verify they have sufficient controls to safeguard sensitive data, including Controlled Unclassified Information (CUI) and Federal Contract Information (FCI). CMMC measures cybersecurity fitness using five levels where process and practice maturity increases with each level.

ControlCase CMMC Gap Assessment

To help organizations get ready for CMMC, ControlCase provides a complete CMMC Assessment designed to identify gaps and help with remediation efforts required to meet CMMC requirements. The assessment includes a review of the 14 domains and controls associated with the CMMC level you wish to achieve.

  • Access Control (AC)
  • Audit and Accountability (AU)
  • Awareness and Training (AT)
  • Configuration Management (CM)
  • Identification and Authentication (IA)
  • Incident Response (IR)
  • Maintenance (MA)
  • Media Protection (MP)
  • Physical Protection (PE)
  • Personnel Security (PS)
  • Risk Assessment (RA)
  • Security Assessment (CA)
  • System and Communications Protection (SC)
  • System and Information Integrity (SI)


What is CMMC?

Cybersecurity Maturity Model Certification (CMMC) is a unifying standard for the implementation of cybersecurity across the Defense Industrial Base (DIB).

When did CMMC go into effect?

The CMMC v2.0 standard was released by the US Department of Defense (DoD) in November 2021 and will become a contract requirement once the DoD rulemaking process is completed.

What does CMMC do?

CMMC aims to standardize and improve cybersecurity practices within the Defense Department and Defense Industrial Base (DIB) ecosystem. It ensures that DIB companies implement appropriate cybersecurity practices and processes to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within their unclassified networks.

Who does CMMC apply to?

CMMC applies to DIB contractors whose unclassified networks possess, store, or transmit CUI as well as DIB contractors whose unclassified networks possess Federal Contract Information (FCI).

What are the CMMC Levels?

There are 3 CMMC Levels, each with associated controls and processes. CMMC Level 3 Certification is the highest (demonstrating expert cyber hygiene), while Level 1 indicates foundational cyber hygiene. CMMC Level 2 is a great benchmark to target as it indicates “advanced cyber hygiene” and demonstrates full compliance with NIST SP 800-171 r1 and the Federal Acquisition Regulation (FAR). The DoD will specify the required CMMC level in Requests for Information (RFIs) and Requests for Proposals (RFPs).

Who can provide CMMC assessments?

Authorized and accredited CMMC Third Party Assessment Organizations (C3PAOs) will conduct assessments and issue CMMC certificates to Defense Industrial Base (DIB) companies at the appropriate level. ControlCase will assist with getting you ready for the assessment – we provide gap assessment and remediation support.

 

NIST 800-171 Applicability

The purpose of NIST 800-171 is to provide federal agencies with recommended requirements for protecting the confidentiality of Controlled Unclassified Information (CUI). These requirements apply only to components of nonfederal information systems that process, store, or transmit CUI, or provide security protection for such components. The requirements are intended for use by federal agencies in contractual vehicles or other agreements established between those agencies and nonfederal organizations. NIST 800-171 consists of 110 security requirements broken down into 14 control families taken from FIPS 200 and NIST 800-53:

  • Access Control
  • Audit and Accountability
  • Awareness and Training
  • Configuration Management
  • Identification and Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Physical Protection
  • Personnel Security
  • Risk Assessment
  • Security Assessment
  • System and Communications Protection
  • System and Information Integrity

ControlCase NIST 800-171 Readiness Assessment

ControlCase provides the readiness assessment to identify gaps and help with remediation efforts required to meet NIST 800-171 requirements. The assessment includes a review of the 14 domains and 110 controls. ControlCase provides a Readiness Assessment Report to identify any control weaknesses that should be addressed to allow your organization to achieve compliance with NIST 800-171.

ControlCase NIST 800-171 Compliance Assessment

ControlCase performs a full NIST 800-171 audit of your environment and provides your organization with a report that documents the results of the assessment. The report clearly identifies what was tested and what was not tested as part of the assessment, especially in relation to non-applicable controls and controls inherited from leveraged systems. Included with the report is a Plan of Actions and Milestones (POA&M) to allow remediation of identified security control weaknesses.

Benefits to our approach include:

ADAPTABILITY
This approach is adaptable to most ticketing systems.
SIMPLICITY
This approach is repeatable.
TRANSPARENCY
Track progress against only applicable questions.
TRACKABILITY
Stay organized with assessor comments and date stamps.

© ControlCase LLC 2023 | Privacy Policy | Impartiality Statement | Legal Notices