CMMC

COMPLIANCE

BGS is expert in cybersecurity for information and critical infrastructure. We are leaders in CMMC compliance.

BGS was the 4th company in the nation authorized by the U.S. Department of Defense’s (DOD) Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) as a Cybersecurity Maturity Model Certification (CMMC) Certified 3rd Party Assessment Organization (C3PAO). We provide CMMC consulting and assessment services. As a CyberAB Registered Provider Organization, our NIST SP 800-171 experts, Registered Practitioners (RP), and CMMC Certified Assessors assist companies in preparing their technical capabilities, documentation, and personnel to be ready for the CMMC certification process.

BGS staff members sit on the CMMC Industry Standards Council and CMMC Architecture Working Group. These groups bring together the brightest minds in CMMC, cybersecurity, and technology. BGS personnel have received a Presidential Volunteer Award in recognition of efforts to help define, clarify, and promote CMMC as part of the CMMC-AB Standards Working group.

BGS also provides cybersecurity solutions based on NIST SP 800-53 and 800-171 frameworks. Our expertise in this area allows us to take an active role in securing the DOD and government’s supply chain.

As a Registered Practitioner Organization:
  • Prepares organizations for compliance with CMMC Version 2 requirements and NIST SP NIST SP 800-171 requirements
  • Helps federal contractors achieve compliance with Federal Acquisition Regulation (FAR) Clause 52.204-21 for the implementation of basic cybersecurity controls for CMMC Level 1
  • Conducts gap analysis to identify potential weaknesses in cybersecurity requirements outlined under DFARS 252.204-7012 for the protection of Controlled Unclassified Information (CUI) and FAR Clause 52.204-21 (FCI)
  • Partners with organizations to develop a roadmap for compliance, gap remediation, and security architecture

 

As a CMMC 3rd Party Assessment Organization (C3PAO):
  • Conducts C3PAO assessments and issues CMMC certifications to organization that meet the CMMC requirements.
  • Allows BGS to provide Joint Surveillance assessment in partnership with DOD DCMA DIBCAC until CMMC rulemaking is complete

Work Highlights

In support of the DOD’s DIBCAC CMMC program, BGS provides defense contractors with:

Compliance workshops

Compliance workshops to help contractors understand obligations for protecting FCI and CUI within their organization and supply chain.

Cybersecurity assessment services

Assistance in determining their Supplier Performance Risk System score and provided supporting documentation for the score.

Gap analysis

Gap analyses against CMMC controls (Level 1 and Level 2) and NIST SP 800-171 control requirements.

CMMC Compliance Requirement Support

Development of tools, technologies, plans, procedures, and policies to support CMMC requirements.

Our Process

BGS delivers a tailored CMMC implementation that is secure, reliable, and cost-effective by bringing expert resources, efficient processes, and effective technologies to meet your operational needs.

  • Conduct an RPO Assessment to understand the unique needs of the organization and provide a compliance gap analysis.
  • Create a customized roadmap for each organization that will include cost-effective on-premise, cloud, or hybrid options to:
    1. Convert an existing environment
    2. Segment a portion of an existing architecture
    3. Host a new compliant infrastructure
  • Once ready for certification, authorized assessors will evaluate against compliance standards and recommend for certification at the desired compliance level