The DoD has rolled out its Cybersecurity Maturity Model Certification (CMMC), but it will take five years to be fully implemented. In the meantime, the DoD has instituted an interim rule as a cybersecurity stop-gap to ensure all contractors follow best practices. The CMMC Interim Rule consists of implementing the controls of the DFARS/NIST 800-171 standard, combined with additional steps and reporting.
At S3 ARMSEC, LLC our professionals have extensive experience working with these regulations, and in helping companies strengthen their cybersecurity to meet federal requirements. No matter how complex your IT infrastructure is, we can help safeguard it.
The System Security Plan (SSP) is a deliverable of the CMMC Interim Rule assessment. It is a comprehensive blueprint of the security policies and procedures that demonstrate how the contractor will keep Controlled Unclassified Information (CUI) data secure. The SSP is also input to an incident response plan for a potential breach. S3 ARMSEC performs the CMMC Interim Rule assessment and generates the SSP and other required documents that must be submitted to the DoD.
If a DoD contractor’s system doesn’t meet the 110 controls of the Interim Rule, the contractor must also include a detailed corrective action plan – a Plan of Actions and Milestones (POAM). The POAM must outline all proposed deficiency remediations and the timeframe in which each item will be completed. S3 ARMSEC performs and scores the assessment and automatically generates the required SSP and POAM.
Let the experts at S3 ARMSEC, LLC assess your IT infrastructure and safeguard it against attacks. Don’t risk your valuable government contracts: we’ll help you implement advanced solutions so you can stay compliant with DoD mandates, and so you can retain the contracts that your business relies on.