CMMC
COMPLIANCE
BGS is expert in cybersecurity for information and critical infrastructure. We are leaders in CMMC compliance.
BGS was the 4th company in the nation authorized by the U.S. Department of Defense’s (DOD) Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) as a Cybersecurity Maturity Model Certification (CMMC) Certified 3rd Party Assessment Organization (C3PAO). We provide CMMC consulting and assessment services. As a CyberAB Registered Provider Organization, our NIST SP 800-171 experts, Registered Practitioners (RP), and CMMC Certified Assessors assist companies in preparing their technical capabilities, documentation, and personnel to be ready for the CMMC certification process.
BGS staff members sit on the CMMC Industry Standards Council and CMMC Architecture Working Group. These groups bring together the brightest minds in CMMC, cybersecurity, and technology. BGS personnel have received a Presidential Volunteer Award in recognition of efforts to help define, clarify, and promote CMMC as part of the CMMC-AB Standards Working group.
BGS also provides cybersecurity solutions based on NIST SP 800-53 and 800-171 frameworks. Our expertise in this area allows us to take an active role in securing the DOD and government’s supply chain.
As a Registered Practitioner Organization:
- Prepares organizations for compliance with CMMC Version 2 requirements and NIST SP NIST SP 800-171 requirements
- Helps federal contractors achieve compliance with Federal Acquisition Regulation (FAR) Clause 52.204-21 for the implementation of basic cybersecurity controls for CMMC Level 1
- Conducts gap analysis to identify potential weaknesses in cybersecurity requirements outlined under DFARS 252.204-7012 for the protection of Controlled Unclassified Information (CUI) and FAR Clause 52.204-21 (FCI)
- Partners with organizations to develop a roadmap for compliance, gap remediation, and security architecture
As a CMMC 3rd Party Assessment Organization (C3PAO):
- Conducts C3PAO assessments and issues CMMC certifications to organization that meet the CMMC requirements.
- Allows BGS to provide Joint Surveillance assessment in partnership with DOD DCMA DIBCAC until CMMC rulemaking is complete
Work Highlights
In support of the DOD’s DIBCAC CMMC program, BGS provides defense contractors with:
Compliance workshops
Compliance workshops to help contractors understand obligations for protecting FCI and CUI within their organization and supply chain.
Cybersecurity assessment services
Assistance in determining their Supplier Performance Risk System score and provided supporting documentation for the score.
Gap analysis
Gap analyses against CMMC controls (Level 1 and Level 2) and NIST SP 800-171 control requirements.
CMMC Compliance Requirement Support
Development of tools, technologies, plans, procedures, and policies to support CMMC requirements.
Our Process
BGS delivers a tailored CMMC implementation that is secure, reliable, and cost-effective by bringing expert resources, efficient processes, and effective technologies to meet your operational needs.
- Conduct an RPO Assessment to understand the unique needs of the organization and provide a compliance gap analysis.
- Create a customized roadmap for each organization that will include cost-effective on-premise, cloud, or hybrid options to:
- Convert an existing environment
- Segment a portion of an existing architecture
- Host a new compliant infrastructure
- Once ready for certification, authorized assessors will evaluate against compliance standards and recommend for certification at the desired compliance level
Case Study: Improving National Security by Securing Large Defense Contractors
Challenge A large defense contractor ($5B annual revenues) needed to prepare for Cybersecurity Maturity Model Certification (CMMC) in a multi-cloud environment. The CMMC model will ensure Defense Industrial Base (DIB) vendors are managing their environment for...
Case Study: Improving National Security by Securing the Manufacturing & Industrial Sectors
Challenge The University of Tennessee was looking for a partner with Cybersecurity Maturity Model Certification (CMMC) expertise to support Tennessee’s small business community that provides services to the U.S. government. Solution Boston Government Services (BGS)...