CMMC Registered Provider Organization
Work with a CMMC Registered Provider Organization
The Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB) has approved Point North Networks, Inc. as a Registered Provider Organization (RPO). In doing so, Point North can assist organizations working with the Defense Industrial Base handling CUI (Controlled Unclassified Information) to prepare for CMMC audits and certifications.
What is CMMC?
CMMC specifies a set of cybersecurity practices and processes that all contractors must implement, and keep in place at all times, in order to be awarded new business contracts with the U.S. Department of Defense (DoD). The goal of CMMC is to prevent unauthorized personnel from accessing sensitive defense information, such as Controlled Unclassified Information (CUI). Beginning in 2021, independent CMMC Third Party Assessment Organizations (C3PAO) will begin to verify a DoD contractor’s compliance with CMMC.
Do you need to comply with DFARS 252.204-7012? If so, you must implement all 110 NIST 800-171 controls in order to avoid missing out on new contract awards from the DoD. Point North has solutions for DFARS/NIST 800-171 compliance.
What is a CMMC RPO?
The CMMC-AB authorizes C3PAOs to conduct CMMC assessments, and they can also provide advice on passing those assessments for clients they’re not going to be assessing. However, RPOs aren’t authorized to perform CMMC assessments. Instead, their sole purpose is to provide consulting services in support of Organizations Seeking Certification within the Defense Industrial Base (DIB).
The CMMC-AB intends for organizations with the RPO designation to advise DoD contractors on how they can prepare for a CMMC assessment. Its goal is to provide OSCs with confidence that the contractors they hire meet CMMC security requirements, using the published CMMC assessment guides. However, many disreputable organizations are falsely claiming they can already provide contractors with CMMC certification. While this isn’t possible (yet) at the time this post was written, an RPO does have the basic training needed to understand the steps contractors must perform to prepare for CMMC.
RPOs provide an opportunity for organizations who want to be cybersecurity consultants, according to the CMMC-AB. It allows them to obtain the necessary training and qualifications while strengthening their ties to the CMMC ecosystem. RPOs also help the CMMC-AB understand who the players are in information security and what they’re doing, although the RPO designation isn’t necessary to work in that space.
How can Point North help with a CMMC Audit?
The new Cybersecurity Maturity Model Certification (CMMC) standard is here, and it’s being rolled out for the 300,000 non-federal organizations that make up the Pentagon’s supply chain in a staged fashion over the next five years.
The core framework for this new 5-tiered cybersecurity standard is defined and published, and the government is moving as fast as it can to build out the massive infrastructure of trainers, assessors, and documentation to support it.
Point North will guide you through the certification-readiness process, and once certified, will help you document your ongoing compliance to the standard.