LeveL5Cyber

Define the Risks
Defend the Assets

CMMC-R

The LeveL5Cyber process

LeveL5Cyber collaborates with our clients to have an open and honest conversation about where the organization stands today and the maturity it wishes to achieve. From the start, LeveL5Cyber works with you to derive the right outcomes to meet your needs.

• Easily schedule assessment timelines 
• Review and document areas within your existing documentation 
• Conduct in-depth workshops to baseline your environment and interview the appropriate subject matter experts 
• Draft SSPs and POA&Ms 
• Review draft reports with your organization to incorporate your direct feedback 
• Deliver a final version of the report and additional artifacts 
• Perform an executive out-brief session to educate other members, as designated by you, on the activities and actions 
• Identify key areas of success and key areas in need of growth

Your Risks

The “Cybersecurity Maturity Model Certification” (CMMC) Readiness Assessment helps organizations prepare for the upcoming cybersecurity enhancement for protecting Controlled Unclassified Information (CUI). LeveL5Cyber offers over 100 years of experience in large and complex environments with a variety of regulatory needs, identifying where strategic and tactical actions can reduce risk.

The aggregate loss of Controlled Unclassified Information (CUI) from the Defense Industrial Base (DIB) sector increases risk to national economic security and, in turn, national security. To reduce this risk, the Department has continued to work with the DIB sector to enhance the protection of CUI in their unclassified networks.

The Council of Economic Advisers, an agency within the Executive Office of the President, estimates that malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016 [Ref: “The Cost of Malicious Cyber Activity to the U.S. Economy,” CEA, February 2018].

The Center for Strategic and International Studies (CSIS), in partnership with McAfee, reports that as much as $600 billion, nearly 1% of global GDP, may be lost to cybercrime each year. The estimate is up from a 2014 study that put global losses at about $445 billion [Ref: “Economic Impact of Cybercrime – No Slowing Down,” February 2018].

Our Roles

LeveL5Cyber works with you and your organization to assist in preparing for DoD regulatory requirements concerning CMMC. Our team of former Fortune 500, DoD, and Critical Infrastructure hands-on operators understands the challenges and risks that exist in the world today. Our right-sized approach to meeting the expectations placed on DoD contract bidders and their supply chain allows LeveL5Cyber to guide repeatable, actionable, and attainable paths for maturing your cybersecurity program.

Where do you want to be?

Clients should outline where they wish to be from a maturity perspective. Data, its entire lifecycle, the systems that house the data, and the persons who can access that data are all intertwined. While organizations that need to protect CUI must meet the CMMC Level 3 maturity mark for protecting that data, information security programs should continue to evolve as new threats and risks emerge.

What's the value of CMMC-R?

Prior to an official C3PAO audit, CMMC assessments are a critical step in preparing for the obligations that entities must meet to show their compliance with CMMC. LeveL5Cyber works with our clients to prepare them for this journey and assists them with identifying areas of risk, developing plans of remediation, and outlining paths towards maturation.

What is CMMC-R?

The CMMC is intended to serve as a verification mechanism to ensure that DIB companies implement appropriate cybersecurity practices and processes to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within their unclassified networks. Many of LeveL5Cyber’s team members have come directly from this type of environment and understand the challenges. Our team works with your organization to reduce risk and prepare you for a CMMC-required audit.

• The CMMC will review and combine various cybersecurity standards and best practices and map these controls and processes across several maturity levels that range from basic cyber hygiene to advanced. For a given CMMC level, the associated controls and processes, when implemented, will reduce risk against a specific set of cyber threats. 
• The CMMC effort builds upon the existing regulation (DFARS 252.204-7012), which is based on trust, by adding a verification component with respect to cybersecurity requirements. 
• The goal is for CMMC to be cost-effective and affordable for small businesses to implement at the lower CMMC levels. 
• Authorized and accredited CMMC Third Party Assessor Organizations (C3PAOs) will conduct assessments and issue CMMC certificates to Defense Industrial Base (DIB) companies at the appropriate level. 

Who developed CMMC-R?

The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) recognizes that security is foundational. The OUSD(A&S), working with DoD stakeholders, University Affiliated Research Centers (UARCs), Federally Funded Research and Development Centers (FFRDCs), and industry, developed the Cybersecurity Maturity Model Certification (CMMC) framework.

Cybersecurity Maturity Model Certification-Readiness Assessment FAQ

The CMMC is intended to serve as a verification mechanism to ensure that DIB companies implement appropriate cybersecurity practices and processes to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within their unclassified networks. Many of LeveL5Cyber’s team members have come directly from this type of environment and understand the challenges that it presents. Our team will work with you to reduce risk and prepare you for a CMMC-required audit.

Depending on your current environment and level of cyber hygiene, your company should plan for at least six months to achieve compliance. With the DoD planning to roll out proposals requiring CMMC compliance by the end of the year, there is no time to delay on certification preparations.

In general, a CMMC certificate, as provided by a C3PAO, will be valid for 3 years.

The main benefit to organizations that obtain a CMMC certification is the improvement of their processes and simultaneous enhancement of the protection of controlled unclassified information and intellectual property within the supply chain of the US DIB.

Accredited C3PAOs must meet all DoD requirements and achieve full compliance with ISO/IEC 17020. C3PAOs must be accredited by the CMMC-AB within 27 months of their registration. Registered Provider Organizations (RPOs) and Registered Practitioners (RPs) in the CMMC ecosystem provide advice, consulting, and recommendations to their clients. They are the “implementers” and consultants, but do not conduct Certified CMMC Audits that produce an attestation of compliance.

Contact LeveL5Cyber

North American Director, Strategy Development

Dan Callahan

Executive Vice President for Portfolio & Security

Greg Carrico

Mike Moten

Senior Director

Marianne Swarter

Our team is listening.