CMMC 2.0

 

Freedom from Complexity

 

Learn how your business can efficiently manage CMMC compliance & risk mitigation requirements through workflow automation.

  • Replace 18 software solutions required for CMMC certification with a centralized platform that can do it all.

  • Get ready for your first CMMC audit in under 10 weeks.
  • Take advantage of purposely built technology created and enhanced in collaboration with the U.S. Air Force.

    Understanding CMMC 2.0

    The Cybersecurity Maturity Model Certification (CMMC) is designed to protect sensitive Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) for organizations operating within the Defense Industrial Base (DIB).

    In September 2020, the Department of Defense (DoD) published an interim rule to DFARS in the Federal Register (DFARS Case 2019-D041) implementing an initial vision for CMMC 1.0 which became effective with establishing a five-year phase-in period on November 30, 2020.

    The review of more than 850 public comments in response to the DFARS rule led to the refinement of the policy and CMMC 2.0 was released on November 4th, 2021.

    It’s simplified to three levels – Foundational, Advanced, and Expert. Advanced and Expert CMMC compliance requires 3rd-party audits and government-led assessments for more critical information.

    By 2026, the majority of DoD contractors that handle CUI and FCI are required to achieve CMMC Level 2 as a condition of contract award.

     To get an early start, we recommend implementing the NIST SP 800-171 framework required by CMMC Level 2.

    End-to-end Technology for CMMC Compliance

     

    Most small to medium-sized businesses manage NIST SP 800-171 – and now CMMC – implementation ineffectively, through spreadsheets or general-purpose compliance software labeled as CMMC solutions developed within the last 6-9 months to meet requirements for this emerging DoD framework. 

    We offer purpose-built accreditation software that has been operating on the market for over 5 years. Ignyte Assurance Platform efficiently manages CMMC & DFARS compliance & risk mitigation requirements. It tackles communication challenges between stakeholders through workflow automation, predictive data insights, and automated monitoring. We’re leveraging our proprietary software with services to create the end-to-end technology solution tailored to your CMMC needs and requirements.

    Ignyte team offered us a way to make sure that we’ve tightened everything up, feeling confident that our customer base, projects, process, and information are safe. With them, we’ve streamlined our cybersecurity efforts, reaching efficiency, which was not otherwise achievable with our limited resources.

    Jayme Rahz

    CEO, Midway Swiss Turn, Inc.

    We’ve evaluated about six different companies. Ignyte stood out based on their knowledge and experience in cybersecurity, and ability to scale and grow with us. The technology that they’ve built enables them to have the best product at the best price. In combination with their level of service, it really made for a perfect partnership.

    Travis Moore

    CEO, Jemco Components & Fabrication, Inc.

    The Ignyte delivery team exhibits customer service skills that are second to none. Their expert knowledge helped us make the right decisions for our organization in adopting new policies, procedures, and technology. I would say this collaboration saved us a significant amount of time.

    Jeff Kovacich

    VP, Information Technology, Haltec Corporation, Inc.

    System Security Plan (SSP)

    Ignyte Assurance Platform generates NIST-based SSP by identifying all hardware and software installed in your network. This plan also defines Controlled Unclassified Information (CUI) and Covered Defense Information (CDI) to help you assess the next steps and security measures for protecting your sensitive DoD-related data. SSP also instructs and trains your personnel on how to administer secure use of the system by identifying audit, maintenance, and incident response process.

    Plan of Action & Milestone (POA&M)

    Ignyte Assurance Platform automatically creates real-time POA&Ms to track all aspects of your CMMC readiness. The Plan of Action and Milestones (POA&Ms), also referred to as a corrective action plan, is the authoritative agency management tool for documenting the remediation actions of system risk. POA&Ms are used to assist in identifying, assessing, prioritizing, and monitoring the progress of corrective efforts for security weaknesses found in agency programs and systems.

    Supplier Performance Readiness Score (SPRS)

    As the first step in the CMMC readiness process, Ignyte Assurance Platform can help generate a score based on policies and controls implementation for the self-assessment. As of November 30, 2020, all DoD prime and subcontractors are required to submit scored self-assessments against current NIST 800-171 requirements under the new DFARS Interim rule before being awarded any new contracts.

    CMMC on our Blog