CMMC Compliance and NIST 800-171 Support For Small Business Contractors & Subcontractors
SSE has been accredited by the CMMC Accreditation Body as a Registered Provider Organization (RPO).
With the complexities around Cybersecurity Maturity Model Certification (CMMC), NIST 800-171, and the DFARS Interim Final Rule, SSE can serve as your expert in helping pursue projects from the U.S. Department of Defense with confidence.
DoD Outlines Significant Changes to CMMC with Version 2.0
The DoD announced in late 2021 that CMMC version 1.0 will be replaced with a streamlined program called CMMC 2.0. The previous model that had 5 CMMC levels has been simplified to 3 CMMC levels:
- Level 1 “Foundational” remains unchanged
- Level 2 “Advanced” is what Level 3 was formerly, but has been simplified to align with the 110 practices of NIST 800-171
- Level 3 ‘’Expert” is what Level 5 was formerly, with additional specifics on the number of practices to be defined by the DoD
Expedited Timeline
- NIST 800-171 related provisions call for:
- Submission of MANDATORY Self-Scoring Required (Weighted 110 Point Scale)
- Tracked in DoD Supplier Performance Risk System (SPRS)
- Submission of SSPs and POAMs May Be Required
CMMC Timeline
- January 2020 CMMC 1.0 Released
- November 2020 DFARS Rule Change…Interim Final Rule Effective
- November 2021 CMMC 2.0 Announced
- September 2022 Earliest CMMC 2.0 Becomes Law Following Rulemaking Process
- December 2023 Latest CMMC 2.0 Becomes Law Following Rulemaking Process
Between September 2022 & December 2023, all DoD contractors will need to meet CMMC requirements
As a long-standing IT service provider supporting DOD contracts for more than 12 years, we have maintained networks to the NIST 800-171 and NIST 800-53 standards since they came into existence. Our unparalleled experience in managing classified data and controlled unclassified information through evolving cybersecurity regulations is built on established expertise and customer service.
We meet the needs of defense contractors through a proven technology stack of hardware and software tools, in combination with our documented policies and established expertise, to identify and remediate gaps in compliance with regulations. Our team of technology and security professionals can perform risk assessments, support the remediation of your environment and ensure effective CMMC audit preparation with our expert services and ISO-9001:2008 compliant processes.
SSE Can Help You Prepare Your Business
At SSE, we know these evolving requirements can feel overwhelming. As a Registered Provider Organization (RPO) with the CMMC Accreditation Body, we are up to speed on the latest changes. Let us demonstrate how our dedicated professional services can help prepare your business for CMMC compliance by educating your business on basic cyber hygiene, assessing security requirements, identifying risk measurement criteria, and more. Don’t wait! Schedule your complimentary CMMC Readiness Assessmenttoday. Fill out the form on the right to get started with the CMMC certification process.
