CYBER SECURITY MATURITY MODEL CERTIFICATION (CMMC)

Increasing the security and visibility of the entire chain

Security in the supply chain is presently one of the industry's main challenges. This applies to many industries, perhaps especially the defence industry. CMMC (Cybersecurity Maturity Model Certification) is a standard defined by the US Department of Defense to enhance the cybersecurity of companies that deliver solutions to the US military. Certification in compliance with this model will be required by all companies included in this supply chain, estimated at around 350,000 companies. As early as this autumn, certification will be required to participate in procurements, so it is high time to start implementation. The purpose of the certification is to increase security and visibility throughout the chain.

CMMC is based on other standards such as NIST 800-171, GIST 800-53, CSF, ISO 27002, CIS v7 and Secure Controls Framework, and has been developed by the US military together with industry and academia. The model is based on five different maturity levels that represent a company's level of security in terms of technology, processes and behaviour. Level 1 entails a basic level of cybersecurity, while level 5 is an advanced level.

About Cybersecurity Maturity Model Certification

Version 1.0 of the standard was published on 31 January 31 2020.
Mandatory for any company that wants to do business with the US military.
Valid from autumn of 2020. If compliance cannot be demonstrated, companies can be excluded from procurements.
There are five maturity levels to certify against. The applicable level is determined for each procurement but depends on the type of activity and need for protection.
Certification is required by an independent third party.

OUR EXPERTISE & COMPETENCE IN CMMC

Combitech is an independent consulting firm that does not act as a certifier in this area but rather assists companies with expertise and guidance in achieving CMMC compliance.
We have broad expertise in the entire field of cybersecurity and in system security. Both aspects are covered by CMMC. We can support an organization through implementation to certification, as well as in continuous work with security.
We have extensive experience of the cybersecurity standards and frameworks that are included in CMMC.
Combitech has thorough technical expertise in all relevant control areas and can assist in a complete implementation.

OUR SERVICES

Combitech works with a six-step model for implementation and compliance with CMMC. The model is adapted together with the customer to meet the specific needs that exist.

Examples of approaches:

1. Define goals and scope

2. Start with analysis of the organization and the present situation

3. Identify gaps and deficiencies against the controls at the selected level of CMMC. Technology, processes and organization and awareness are included.

4. Develop a CMMC compliance plan. Identified gaps and deficiencies must be addressed. Examples of basic areas of CMMC – see model at the left

5. Create an organization for handling deficiencies and enforcement.

6. Implement the plan and ensure continuous compliance through, among other things, integration of measures in existing processes.

Secure Products

With over 55 billion products forecast to be connected by the year 2020 - Securing your products, from development to release and support, is more important than ever before. We make secure products a reality.

Secure Business

In a fast moving world and a global market, Combitech ensures long-term continuity and 24/7 protection for Your business.

Safe Society

We have a long and close relation to the defence and defence industry, built on mutual understanding for the importance of a high level of security and secrecy. We use this experience to support and educate public and private organisations in preventing and acting on threaths, nature disasters or cyber attacks etcetera.

Contact details