Department of Defense Cybersecurity Compliance (CMMC)

Americas

The US Department of Defense is addressing the rising threat of cyber-crime to its supply chain through the phased roll-out of the Cybersecurity Maturity Model Certification (CMMC) program.

From the end of 2021 through to 2025, companies bidding for DoD contracts – and their subcontractors and suppliers – must meet the exacting requirements of this certification framework’s five levels of maturity, according to the sensitivity of their work.

Brief

To obtain and satisfy a government contract's requirements, this contractor needed to comply with the 800-171 framework and assessment methodology published by the National Institute of Standards and Technology (NIST). The company also needed to prepare for the new DoD CMMC requirements for upcoming contracts.

The work of HKA's cybersecurity team involved the design, implementation, and ongoing compliance management of a segmented network – an environment created for specific purposes requiring heightened security controls and the protection of sensitive and classified documents and information. This would help ensure the client's online operations were protected and met its government contract IT and cybersecurity compliance requirements.

What we did

To comply with NIST 800-171 requirements, and prepare for its CMMC Level 3 certification, the government contractor had to ensure 130 controls across 17 domains were implemented, formally documented, and routinely tested. The contractor also demanded a seamless workspace transition for the teams working within this environment.

To achieve this, HKA designed and provided a separate, secure cloud-based network. Our team comprised CMMC-registered practitioners, some with more than 30 years' experience, who have worked across government agencies, financial institutions, healthcare providers, and clients in other highly regulated industries.

In addition to the technical implementation, HKA's team developed the contractor's cyber and information security policies, program plans and charters, to formalize all documentation related to the forthcoming CMMC Maturity Level 3 certification requirements. Our team also provided training in essential testing of controls, which enabled the internal compliance team to manage and maintain ongoing compliance.

Outcomes

HKA delivered the required technology infrastructure, compliant with NIST 800-171, and preparedness for CMMC certification on time and as specified, while ensuring no disruption to work in progress on the contractor's projects.

Not only has the contractor been able to transition all staff smoothly over to this new network environment for contract-related work, its investment in upgraded cybersecurity has also generated commercial returns by securing new government contracts and positioning it well for future work.

Project Details
  • Client
    Government Contractor
  • Year
    2021
  • Value
    US$200,000
  • Services
    Cybersecurity & Privacy, Cybersecurity Maturity Model Certification – CMMC
  • Sectors
    Government Contracts