CMMC V2.0 (Cybersecurity Maturity Model Certification) is a unifying standard for the implementation of cybersecurity across the Defense Industrial Base (DIB). CMMC is designed to provide increased assurance to the Department of Defense (DoD) that a DIB organization can adequately protect sensitive unclassified information, accounting for information flow down to subcontractors in a multi-tier supply chain.
As a C3PAO authorized by the CMMC Accreditation Body (Cyber AB), iPower is qualified to perform assessments for the CMMC framework. The certification process is intended to serve as a verification mechanism to ensure that DIB companies implement appropriate cybersecurity practices and processes to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within their unclassified networks.
CMMC Assessment Services
As a C3PAO authorized by the CMMC Accreditation Body (Cyber AB), iPower will lead official CMMC assessments as part of the certification process. iPower’s CEO and President, Deborah Hunt, is a Cyber-AB Provisional CMMC Lead Assessor and Certified CMMC Assessor (CCA).
CMMC V2.0 is comprised of 3 levels, starting with basic cyber hygiene that enables safeguarding of FCI and progressing up to safeguarding of CUI using advanced/progressive cybersecurity controls and techniques that protect against advanced persistent threats (APTs). During each assessment of the CMMC, our team will review tangible artifacts and conduct interviews to evaluate compliance with applicable CMMC requirements. Following completion of the assessment, iPower will provide an assessment report noting any findings and deficiencies and will report the results to the Cyber AB for review and approval.
Joint Surveillance Voluntary Assessment Program (JSVAP)
The Joint Surveillance Voluntary Assessment Program (JSVAP) is a joint assessment program authorized by the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) that allows DIB contractors with an active DoD contract to undergo a DIBCAC NIST 800-171 assessment. iPower, as an Authorized C3PAO, is nominating defense industrial base (DIB) contractors to take part in the JSVAP.
The JSVA score will be recorded by the DIBCAC in the Supplier Performance Risk System (SPRS). The current messaging from the DoD is that the successful JSVA will convert to a CMMC Level 2 certification, effectively extending the time duration before re-certification is needed.
Our CMMC/NIST 800-171 experts with assess your organization to ensure you qualify for a JSVA with the DIBCAC - for example the number one criteria is that you have an active DoD contract
We will request the Cyber AB coordinate and schedule a JSVA with the DIBCAC
DIBCAC will determine priority and order of all JSVAs and schedule of all JSVAs
CMMC Consulting and Implementation Services
As a CMMC Registered Practitioner Organization (RPO), iPower provides consulting and implementation support to organizations seeking to implement CMMC standards and prepare for a CMMC assessment. We have a matrixed team of CMMC Registered Practitioners (RPs) with expertise in CMMC requirements that can be brought to bear to help your organization succeed in your CMMC initiative.
iPower’s experienced CMMC RPs and subject matter experts (SMEs) provide the full range of consulting and support services including, but not limited to, the following:
Helping to defining the scope and objectives of the CMMC initiative
Conducting gap analyses to gauge your current level of compliance
Highlighting strengths, weaknesses, and opportunities for improvement
Developing corrective action plans
Providing hands-on coaching and mentoring support and facilitated work sessions, in a one-on-one setting or in small working groups
Developing or reviewing process assets (e.g., security policies, security plans, etc.)
Helping to prepare for official CMMC assessments
Planning, tracking, reporting, and managing the CMMC implementation effort with Project Management Institute project management best practices