HBS logo

HBSCYBERSECURITY

CMMC

Preparing your company for Department of Defense supply chain requirements.

Earn your CMMC certification. Improve security. Win DoD contracts.

HBS is a CMMC Registered Provider Organization™ (RPO). Our experienced cybersecurity professionals guide organizations through the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification. If the DoD is ultimately your customer or your customer's customer, you should start working now on your CMMC certification.

Where to start with CMMC:

  • If you are at a CMMC level that requires assessment, allow yourself 8-12 months to complete CMMC certification
  • Pursue NIST 800-171 standards to prepare for CMMC
  • Engage a Cyber-AB registered provider organization for guidance and prep

Since CMMC’s launch, HBS has been on the front edge of preparing clients to reach their CMMC goals. Our deep experience with governing organizations means our professionals know the right questions to ask decision makers about your specific situation, preparing you to meet your requirements by the deadline.

HBS’s work with the Defense Federal Acquisition Regulation Supplement (DFARS), Federal Information Systems Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP) and more positions us to help companies pursue CMMC certification. Talk to Sales

Find the right CMMC level for you.

Protecting your opportunity for contracts with the DoD means understanding exactly which CMMC requirements apply to you

We help you implement a plan that lets you get to work on new contracts while continuing to update your policies.

How CMMC Works

In 2020, the DoD began moving toward requiring CMMC compliance for every vendor in its supply chain—300,000 companies when the process is complete. So whether your firm delivers completed fighter jets to the Pentagon or builds an electronic control inside those jets, your future contracts depend on meeting CMMC requirements in the near future.

Protecting your opportunity for contracts with the DoD means understanding exactly which CMMC requirements apply to you. HBS’s professionals will help you identify the standards you need to meet, including whether you fall into the group that requires third-party certification of your security protocols.  Talk to Sales

Selecting the Right CMMC Level

HBS will help identify the CMMC Level your work requires. While the original CMMC release included five levels, CMMC 2.0 now includes three levels.

Level 1: Foundational

This level will apply to most companies in the Defense Industrial Base (DIB) and requires compliance with 17 basic cyber hygiene practices. Companies at this level can provide an annual self-attestation regarding their compliance.

Level 2: Advanced

This level applies to companies that handle Controlled Unclassified Information (CUI). At this level, companies must comply with the requirements of NIST SP 800-171, which is already required of most companies handling CUI. Some companies at this level will be required to pursue a third-party certification of their security program based on whether they are engaged in what the DoD labels a “prioritized acquisition.”

Level 3 Expert

Details have not yet been released for this level, which will apply to companies handling the most sensitive information from the DoD.

Interested in CMMC?

Request a meeting with one of our experts today.