Secure Your Business and Defense Contracts

Get backup from our team of security and compliance experts to prepare your organization for meeting CMMC standards.

CMMC

Cybersecurity Maturity Model Certification

What is the CMMC?

Prepare your security program to meet future DoW requirements

The CMMC (Cybersecurity Maturity Model Certification) outlines the information security requirements the DoW enforces on its DIB partners.

It is the defined set of requirements for any DoW contractor that receives, stores, processes, or transfers any type of CUI (Controlled Unclassified Information) or FCI (Federal Contract Information). The CMMC is made up of 3 different tiers according to the level of information that is used to fulfill the contract. The level of CMMC compliance is defined in your contract.

How can we help?

Speak with one of our CMMC registered practitioners to get started on your path to compliance.

How does FRSecure approach CMMC?

It is vital for any DIB partner to know exactly where they stand on the CMMC information security requirements. Reporting false or inaccurate information in the SPRS system or while bidding can severely hinder an organization’s ability to bid on federal jobs in the future.

FRSecure uses the latest information available from the DoW and the CMMC-AB, along with several CMMC CCP/CCA’s to help its clients make sure they are ready for a CMMC assessment. We help with scoping, develop control remediation strategies, and walk you through each control that is required to be compliant.

Additional Service Options

What to Expect from an Engagement with FRSecure

Risk Assessment

Risk assessments measure four controls of your security program and maps those to CMMC standards.

Gap Assessment

We will determine where you fall short of CMMC compliance and tell you how to fill gaps in order to meet requirements.

Virtual CISO

A security expert in your back pocket, virtual CISOs provide a dedicated security resource to help grow your security program.

Roadmapping

Roadmaps provide a detailed plan to help your organization get from its current point to one that meets certification.

Registered Practitioner

View accreditation >

Certified CMMC Pro

View certification >

CMMC Levels

Level 1: Foundational

Level 1 focuses on the protection of FCI and consists of only practices that correspond to the basic safeguarding requirements specified in 48 CFR 52.204-21, commonly referred to as the FAR Clause. It is equivalent to all of the safeguarding requirements from FAR Clause 52.204-21.

Level 2: Advanced

Level 2 focuses on the protection of CUI and encompasses the 110 security requirements specified in NIST SP 800-171 Rev 2. Self Assessment may be allowed at this level as well.

Level 3: Expert

Level 3 will be based on a subset of NIST SP 800-172 requirements. Details will be released at a later date.

CMMC FAQ

Who created the CMMC?

The CMMC was created by the US Department of War as a way to establish third party validation of controls because self-assessment was overall ineffective.

Who needs to comply with the CMMC?

If you’re a part of the DIB supply chain and your contracts stipulate DFARS 252.204-7021 requirements. Contracts where CUI or FCI are handled will have CMMC requirements.

What's required to comply with the CMMC?

Your CMMC requirements will depend on the type of contract you’re trying to participate in.

The CMMC model consists of 15 practices in level one, 110 practices in level two, and 110+ in level three stemming from NIST SP 800-171.

How do we comply with the CMMC?

Specific controls are assessed based on the CMMC level that the contract requires.

The best way to ensure compliance with the CMMC model is to establish a POA&M and SSP and then determine any gaps in your existing information security program.

“PGC has worked with FRSecure since late 2013. We have utilized their services for information security risk assessments, virtual CISO services, NIST standard process implementation, and training programs. FRSecure staff are knowledgeable, thorough, and helpful in allowing us to achieve our goal of supporting customers who serve the aerospace and military industries. We highly recommend FRSecure. You will be delighted with their offerings and results.”

Owner

PGC

The FRSecure Way

Why work with FRSecure?

Expertise

FRSecure has been in business for over 10 years, and our team has more than 300 years of combined experience working in information security and boasts 30 different kinds of certifications. When it comes to growing a security program that complies with CMMC, you have the benefit of experience in your corner.

Mission

Our mission at FRSecure is to fix the broken information security industry. Not only do we help comply with the CMMC, but we also solve as many weaknesses as we can in your security environment. We are dedicated to making real, lasting, impactful changes to your security program.

Style

Our style isn’t “cookie cutter.” We recognize that each organization is different, and every security program is at a different stage of maturity. We get to know your security program intimately, use an information security risk assessment to determine what your strengths and weaknesses are, and then apply industry best practices to provide the next steps that’ll help you comply with CMMC.

Focus

Information security is all we do. We don’t do IT, sell hardware, or provide telco services. We only do security. Because of this, our team can provide unbiased recommendations that will actually make a dramatic impact to the way you do security. We work hard to be a partner—collaborating with and educating your team every step of the way.

“FRSecure wants to make sure that they give you exactly what you need, and that’s the primary reason that I went back to them. They really offer you very personal instruction and guidance.”

Senior IS Officer

First National Minnesota Bank