DOD Cybersecurity Services – CMMC

Support for SMB DoD Contractors

Our team of technology and security professionals can not only help assess your risk, but support the remediation of your IT environment. As an IT service provider supporting DOD contracts for over 10 years, we have maintained networks to the NIST 800171 and NIST 80053 standards since they came into existence. Our proven technology stack of hardware and software tools in combination with our documented policies is the jump start you need to get into compliance. From there, your team can maintain your compliance, or opt to let us manage your IT environment to maintain your compliance with our expertise.

CMMC

The Office of the Assistant Secretary of Defense for Acquisition started the process of creating the Cybersecurity Maturity Model (CMMC) in March 2019.

The CMMC has been in development for several months in a collaborative effort with Johns Hopkins University Applied Physics Laboratory, Carnegie Mellon University Software Engineering Institute, Defense Industrial Base Sector Coordinating Council (DIB SCC), Office of Small Business Programs, as well as many others.

The CMMC effort has had a great deal of support from our industry associations such as the National Defense Industrial Association (NDIA), the Aerospace Industries Association (AIA), and the Professional Services Council (PSC) in getting the CMMC information out to the Department of Defense supply chain. We appreciate all of these efforts to secure our collective national defense. Read More- https://www.acq.osd.mil/cmmc/draft.html

3 Steps To Confident CMMC Compliance

1 – GAP ASSESSMENT

ATS will conduct a gap assessment of the Unclassified Internal Networks system against the security requirements defined by CMMC* to provide a report on any findings and remediation recommendations identified during the analysis

ATS will also conduct a comprehensive gap analysis of the Unclassified Internal Networks system with the support of key personnel in order to ascertain the information systems authorization boundary and compliance posture, for overall preparedness for complying with CMMC requirements. ATS will provide a comprehensive overview of findings discovered during discussion and documentation review, as well as recommendations to remediate those findings

2 – REMEDIATION

Once the assessment is complete and the strategy has been developed, our team gets to work implementing any necessary network system changes needed, including:

  • Add Group Policy exports
  • Policy documents templates
  • Additional remediation work will be scoped and executed as individual projects, including:
    • Additional Server/Workstation configurations
    • Workstation/Server replacement
    • Ancillary equipment (switches, ports)

3 – COMPLIANCE AS A SERVICE

Compliance is not a one-time effort. Ongoing compliance requires management of tools, settings, policies, and effectivity, as well as additional and ongoing evidence collection to support ongoing compliance and hardeningUnclassified Internal Networks. ATS Compliance As A Service includes monitoring your network systems for any potential cybersecurity instances through:

  • Internal and External vulnerability scans
  • Cybersecurity alerting and monitoring
    • Deployment
    • Remediation
    • Management
  • Policies/Procedures
  • Compliance Reporting