By Christopher Moschella, CPA, CISA, Risk Advisory Services Senior Manager
Note: Important Change as of November 2021
The Department of Defense announced a major overhaul to the Cybersecurity Maturity Model Certification (CMMC) program. No new contracts will feature CMMC compliance requirements until the Department completes its rulemaking process for CMMC 2.0. Read our summary of the changes, Goodbye CMMC 1.0, Hello CMMC 2.0. For more detailed information, visit the CMMC website.
Keiter’s Cybersecurity team will continue to monitor the rollout of the CMMC program and update you on new information and changing requirements for DoD contractors.
Cybersecurity Maturity Model Certification
Keiter CPAs is pleased to announce that the leader of the Firm’s Risk Advisory service team has received Registered Practitioner status with the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body. In addition, Keiter has become a Registered Provider Organization (RPO) in the CMMC Marketplace.
The Cybersecurity Maturity Model Certification (CMMC) is a cybersecurity framework that the Department of Defense (DoD) has instituted for prime and subcontractors wanting to provide products or services to the DoD. The CMMC framework has five maturity levels that DoD contractors will be subject to based on the type of sensitive information they have access to during their service contract.
“This new certification framework will help to protect our nation’s security by limiting access to contractors who meet security standards,” explained Scott McAuliffe, CPA, CISA, CFE, Partner in charge of Risk Advisory Services. “Many DoD contractors will need assistance in performing their assessments, identifying gaps, and developing corrective action plans. With the CMMC RPO accreditation, Keiter can now assist DoD contractors with these assessments.”
Keiter’s Risk Advisory Services team has been providing cybersecurity services and consulting on the major IT frameworks such as NIST SP 800-171, NIST SP 800-53, HIPAA, and others for close to 20 years. The team can help with Readiness Assessments and Gap Analyses Against the CMMC Framework, Assistance with Remediating Gaps Identified during Readiness Assessment, and Assistance with NIST SIP 800-171 Self-Assessment that is recorded in Supplier Performance Risk System.
Learn more about CMMC services for DoD prime and subcontractors.
About the Author
The information contained within this article is provided for informational purposes only and is current as of the date published. Online readers are advised not to act upon this information without seeking the service of a professional accountant, as this article is not a substitute for obtaining accounting, tax, or financial advice from a professional accountant.