CMMC Services

CMMC V2.0 (Cybersecurity Maturity Model Certification) is a unifying standard for the implementation of cybersecurity across the Defense Industrial Base (DIB). CMMC is designed to provide increased assurance to the Department of Defense (DoD) that a DIB organization can adequately protect sensitive unclassified information, accounting for information flow down to subcontractors in a multi-tier supply chain. 

As a C3PAO authorized by the CMMC Accreditation Body (Cyber AB), iPower is qualified to perform assessments for the CMMC framework. The certification process is intended to serve as a verification mechanism to ensure that DIB companies implement appropriate cybersecurity practices and processes to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within their unclassified networks.

CMMC Assessment Services

As a C3PAO authorized by the CMMC Accreditation Body (Cyber AB), iPower will lead official CMMC assessments as part of the certification process. iPower’s CEO and President, Deborah Hunt, is a Cyber-AB Provisional CMMC Lead Assessor and Certified CMMC Assessor (CCA).

CMMC V2.0 is comprised of 3 levels, starting with basic cyber hygiene that enables safeguarding of FCI and progressing up to safeguarding of CUI using advanced/progressive cybersecurity controls and techniques that protect against advanced persistent threats (APTs). During each assessment of the CMMC, our team will review tangible artifacts and conduct interviews to evaluate compliance with applicable CMMC requirements. Following completion of the assessment, iPower will provide an assessment report noting any findings and deficiencies and will report the results to the Cyber AB for review and approval.

Joint Surveillance Voluntary Assessment Program (JSVAP)

The Joint Surveillance Voluntary Assessment Program (JSVAP) is a joint assessment program authorized by the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) that allows DIB contractors with an active DoD contract to undergo a DIBCAC NIST 800-171 assessment. iPower, as an Authorized C3PAO, is nominating defense industrial base (DIB) contractors to take part in the JSVAP.  

The JSVA score will be recorded by the DIBCAC in the Supplier Performance Risk System (SPRS). The current messaging from the DoD is that the successful JSVA will convert to a CMMC Level 2 certification, effectively extending the time duration before re-certification is needed.

What do you need to do to schedule a JSVA?

  • Contact iPower LLC, as an authorized C3PAO, info@ipowerllc.com
  • Our CMMC/NIST 800-171 experts with assess your organization to ensure you qualify for a JSVA with the DIBCAC - for example the number one criteria is that you have an active DoD contract
  • We will request the Cyber AB coordinate and schedule a JSVA with the DIBCAC
  • DIBCAC will determine priority and order of all JSVAs and schedule of all JSVAs

CMMC Consulting and Implementation Services

As a CMMC Registered Practitioner Organization (RPO), iPower provides consulting and implementation support to organizations seeking to implement CMMC standards and prepare for a CMMC assessment. We have a matrixed team of CMMC Registered Practitioners (RPs) with expertise in CMMC requirements that can be brought to bear to help your organization succeed in your CMMC initiative.

iPower’s experienced CMMC RPs and subject matter experts (SMEs) provide the full range of consulting and support services including, but not limited to, the following:

  • Helping to defining the scope and objectives of the CMMC initiative
  • Conducting gap analyses to gauge your current level of compliance
  • Highlighting strengths, weaknesses, and opportunities for improvement
  • Developing corrective action plans
  • Providing hands-on coaching and mentoring support and facilitated work sessions, in a one-on-one setting or in small working groups
  • Developing or reviewing process assets (e.g., security policies, security plans, etc.)
  • Helping to prepare for official CMMC assessments
  • Planning, tracking, reporting, and managing the CMMC implementation effort with Project Management Institute project management best practices