
If you’re not familiar with the Cybersecurity Maturity Model Certification (CMMC), welcome aboard, and read all about it here.
If you are familiar, then you know there is a vast universe of organizations, approximately 350,000, that will need to either self-attest to compliance with the CMMC, or undergo an assessment by a Certified Third-Party Assessor Organization (C3PAO), within the next three years. For those who want to be assessors, or those working inside candidate Organizations Seeking Certification (OSC), the front door to understanding the subject matter is a base-level certification called the Certified CMMC Professional (CCP).
For those tuned in (or deeply participating, like we at Monarch ISC) for the last two years, it’s been a challenging process with plenty of stops and starts, and significant changes. We are on version 2.0 of the framework, and there is a process for ensuring the gaps between versions 1 and 2 are addressed for professionals seeking individual certifications as Certified CMMC Assessor (CCA) and/or Instructor (CCI).
Certifications for Provisional Assessor and Provisional Instructor have been active since the summer of 2021 for version 1 of the framework. Since the release of version 2 last fall, the CMMC-AB has announced it will be offering free “Delta Training” to Provisional Instructors, Provisional Assessors, and those recently trained, or about to be trained, in version 1 as CCPs. This training will fill in the gaps between framework versions. This is great news, because the vast number of OSCs will need certified professionals to assess their organizations, and those professionals will need to be trained! The Delta Training ensures we can keep moving things forward.
Once version 2.0 course content is released by the Licensed Partner Publishers (LPP), the Delta Training will no longer be necessary. That V2 curriculum is fairly close to release, as we understand it.
As a point of entry to CMMC and the Defense Industrial Base (DIB), a CCP certification can serve as a prerequisite to enhance an established cybersecurity career by attaining Certified CMMC Assessor (CCA) or Instructor (CCI) designations. It also has high value to in-house teams to better serve their organizations in preparing for, and passing, their certification assessment.
An in-house CCP will know how to prepare for a CMMC Assessment, and how to ensure the compliance program remains “alive” since each organization will have to re-certify every three years.
Compliance within the CMMC ecosystem aims to establish and/or enhance the cybersecurity posture of businesses across many industries in the DIB. Standardization of information security safeguards is designed to protect Federal Contract Information (FCI), and Controlled Unclassified Information (CUI) throughout a multi-layered supply chain. The CCP certification helps fulfill this need through proliferating comprehension of regulatory requirements throughout the DIB and cybersecurity service provider communities, collectively referred to as the CMMC Ecosystem.
The Certified CMMC Professional (CCP) training program through Monarch ISC (a CMMC Registered Practitioner Organization (RPO), Licensed Training Partner (LTP), and C3PAO) leverages years of experience merged with the accredited curriculum authorized through the Cybersecurity Maturity Model Certification Accreditation Body (CMMC AB). This one-week instructor-led live online training will empower students to not only prepare for their CCP exam, to be released soon, but also identify gaps within their organization’s cybersecurity program and begin preparing their OSCs for certification.
John H Rogers, CISSP, CMMC-Provisional Instructor, CMMC-Registered Practitioner, and candidate Provisional Assessor (pending suitability check), has been a technical trainer since 2002, with information and cybersecurity subject matter the focus of training and curricula development. Rogers has conducted hundreds of training sessions, including end-user awareness training, technical training for IT Professionals, leadership and board-level education, and public presentations to a wide audience across the country. Consistently rated excellent in student evaluations, Rogers brings humor, extensive subject matter expertise, and 22 years of field experience as a Senior Cybersecurity Advisor into the classroom for every session.
All content © 2023 Monarch ISC
V-ISO is our most engaged and complete service offering at Monarch ISC. You select the components, and we execute an annualized program acting as an outsourced member of your internal team.
This package may include everything we offer, or any of several sets of core program components. We bundle your choices, provide privileged pricing, and schedule our year together to build the program foundations. Once the foundations are built, we move into Sustainability Mode, still providing whatever level of engagement you choose.
What’s included?
Our highly effective policies and plans are currently in-force at banks, credit unions, healthcare facilities, and DoD contractors. Our careful iterative process ensures your organization is understood before the writing begins. Your policies and plans need to express actual practices, not some templatized check-box fantasy that bears little resemblance to your unique organization.
We will work with you to create a new Information Security Program, or dramatically improve your existing program or any component to include:
Monarch ISC Information Security Program documents have undergone two decades of regulatory and audit scrutiny, passed every test, and set the standard. They are the bedrock on which you will build your information security program.
People are your weakest link. We deliver effective training to any organizational group to strengthen the whole chain, from end-users, to IT Professionals, to Board of Directors, and every level in between. Everyone must gain awareness and develop the skills needed in their roles to make an organization resilient to adverse events and incidents.
Our live instructor-led training sessions:
Engage us to follow up the training with phishing email test campaigns to measure the effectiveness of our training too! We’re confident you’ll see results!
You made sure your Electronic Medical Record (EMR) system was HIPAA-compliant. Did you know that is just the first step in making your practice HIPAA-compliant?
You take great care of your patients, and you know that means taking great care of your patients’ sensitive personal data, too. But complying with the federal Health Insurance Portability and Accountability Act (HIPAA) can be as complicated as some of the things you learned in medical school.
Monarch Information Security Consulting understands what the law demands of you and your practice, can evaluate what you need to do to meet those expectations, and will create a customized and easy-to-understand plan for you to achieve complete HIPAA compliance and get back to caring for your patients with confidence.
Our consultants have over 40 years of experience in identifying, evaluating, and remediating HIPAA compliance. We take the time to get to know you and your organization, and we create a comprehensive map of your entire data flow. We pinpoint your vulnerabilities and infractions, we provide a smart, straightforward plan to achieve sustainable, HIPAA-compliant data security, and we stand by you and our work in the event of an audit.
The FFIEC Cybersecurity Assessment Tool measures the maturity of your financial institution’s information security program. The tool helps define your current inherent risk profile and assess your compliance status across the security domains.
It can be a daunting exercise to complete.
We can help!
Our experts work with your team to complete the assessment and document any gaps in compliance. We will build a timeline for remediation, and can assist with training, risk assessments, policy building, business continuity exercises, board reporting, and more. Our work will fill the gaps and increase your maturity level.
The Cybersecurity Maturity Model Certification (CMMC) has been released!
The certification will be required for all Department of Defense contractors AND sub-contractors. Audits will begin in 2020. The audit timelines and the list of approved auditors have not been released.
Special Note: DoD Guidance for self-assessment scoring has been updated! You will need to provide your self-assessment (Basic) of the NIST 800-171 guidance to the Supplier Performance Risk System (SPRS). The system is online NOW! Do you know your score?
NOW is the time to start the certification process, so contact us for a free consultation.
For many organizations this is a strange new world. Data security requirements have been in place for banks, merchants accepting credit cards, and healthcare organizations, but never have manufacturers and other government contractors with unclassified information faced this type of scrutiny.
This can be an overwhelming amount of work.
The certification domains cover a wide variety of topics from Asset Management to System and Information Integrity. You will need to implement the correct controls, write the appropriate policies, and keep track of your compliance activities in preparation for an audit. Failure to be certified will mean thousands, or millions, of dollars in lost government contracts.
Monarch ISC can help.