Cybersecurity Maturity Model Certification (CMMC)
CMMC compliance isn't just a regulatory necessity – it's a strategic advantage. Position your organization as a trusted partner and build client confidence by demonstrating a commitment to robust cybersecurity. The CMMC 2.0 program rule (32 CFR Part 170) has been in effect since December 16, 2024. It is crucial to position yourself to complete an assessment and stay ahead of your competition. CMMC Third-Party Assessor Organizations (C3PAOs) are not as abundant as you may think and their time is valuable, so organizations seeking a CMMC certification will compete to book an assessment with them.
For the most current information on the CMMC Program, visit the official DoD CMMC site.
CMMC Infrastructure & Network Consulting
Compliance Program Governance
Technical Architecture Advisory
CMMC Training & Education
Crux Security Platform for your CMMC Program
Quickly start your CMMC security journey
Small to medium-sized technology companies — protect your data, support client requirements, complete security audits, and respond to investment due diligence activities.
Our platform provides a complete and solid security program to support CMMC compliance. There is no easy button when it comes to CMMC. Let Crux's seasoned security professionals help guide your company through the nuances, challenges, and approaches to become compliant with CMMC.
- Standards Aligned Policies
- Automated Tools
- Security Training
- Progress Tracking
- Support
What types of activities are included in Crux's CMMC Support Services?
Activities involved in the roadmap can vary widely depending on the maturity of the company. The focus of these engagements will be on the controls of NIST SP 800-171 or the applicable CMMC level, including, but not limited to:
- NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (Rev. 3 is the current publication; note that the CMMC program rule and the DFARS clause currently assess against Rev. 2, so confirm which revision your contract requires)
- CUI Environment Scoping & Data Flows
- Description of system boundaries
- System Security Plan (SSP)
- Instructions for managing the organization's Supplier Performance Risk System (SPRS) score
- System environments of operation (Major applications, Support systems, Minor applications)
- Advising around IT & Cybersecurity tech stack
- Change Control
- Incident Response Plan (IRP) and Procedures
- Identity & Access Management (IAM) solutions and methodology
- Remote Access Management
- Support for implementing tools for log management and Security Information and Event Management (SIEM)
- Connections to other systems/networks
- Wireless Standards
- Domain Name System (DNS)
- VoIP (Voice over Internet Protocol)
- Web Filtering approaches
- Asset Management (Hardware, Software, & Applications)
- Mobile Device Management (MDM)
- Secure Email Gateways (SEG)
- DMARC/DKIM/SPF Setup
- Network Segmentation and Architecture
- Secure Baselines
- Security Awareness Training and Testing
- Vulnerability Management & Patching Program
- Threat Intelligence Feeds
- Background Screening
- Physical Security and Access Controls
- Visitor Management System / Visitor Logs
- Business Continuity and Disaster Recovery (BC/DR)
- Confidentiality and Non-Disclosure Agreements (NDA)
- Data Classification Procedures
- Staff Training and Competency Assessment
- Managing Flow Down Clauses & Supply Chain Risk Management (SCRM)
- Plan of Action and Milestones (POA&M)