CMMC 2.0 vs. ISO/IEC 27001 vs. NIST 800-171

Announcing:

GMS Registrar is now a CMMC AB Approved RPO.

We can now assist the DOD Industrial Base in all CMM Certification matters.

CMMC Rev2.0 announced on 11/4/2021.

There are important changes in the CMMC New Version

How do these changes work with ISO/IEC 27001 and NIST 800 -171 and what does this mean in terms of Contract Readiness?

Find out which of these applies to your organization and how they work together on:

February 10, 2022 - 12:00 PM ES

Is More Better?

Kyle Gingrich, vice president for training and development at the Cybersecurity Maturity Model Certification (CMMC) program’s Accreditation Body said that while not required under the new model, there is some industry demand for CMMC level 1 assessments in addition to self-attestation, particularly for larger defense companies that use subcontractors.

“We do know that there are primes that are out there that may be looking to have their subcontractors go through some kind of training and verification to ensure that when they hire them, they understand the rigor required to be an assessor and how to do it properly, as opposed to just relying on self-attestation,” Gingrich said.

“Now clearly, that's not mandated by the DOD. But that is something that we are hearing in the industry that ... if you're going to represent us as an organization, we want to make sure that you have done the proper due diligence.” Federal Computer Week, JANUARY 4, 2022

Primes and their requirements are not the only reason to seek additional certifications. The Polaris GWAC is an example:

Polaris GWAC - Certification Counts

The Polaris GWAC is an efficient way for Government to access highly qualified small business information technology (IT) service providers.

It’s significant to note that the following is included in the Polaris Draft RFP:

L.5.4 Volume 4 – Systems, Certifications, and Clearances

The following Systems, Certifications, and Clearances are not minimum or mandatory requirements however, Offerors who demonstrate having these Systems, Certifications, and Clearances within their proposal will be considered more favorably.

See Section M.6., Scoring Table:

1. Cost Accounting System and Audit Information (4000) Points

2. Approved Purchasing System (1000) Points

3. Capability Maturity Model Integration (CMMI) Certification (500points for level 2) and (750 points for level 3)

4. ISO 9001: 2015 Certification. (750 Points)

5. ISO 20000-1:2018 Certification. (750 Points)

6. ISO/IEC 27001:2013 Certification (750 Points)

7. Organizational Risk Assessment. (8,500 Points)

This will continue to be a trend on upcoming contracts

Find out more on: February 10, 2022 - 12:00 PM EST

Government Contracting and the requirements in 2022 and after

CGB Corp assists customers in the planning and execution of Various Process Capabilities that will enhance win Ratio.

This includes Documentation, Implementation, conducting audits and providing on-going support through the application of its proprietary QSRPF Protocols (i.e., Quality Management Systems, Security Management Systems, Risk Management Systems, Program Management and Financial Systems)

Services include:

* IT Services delivered through multiple standards such as ISO and CMMI and CMMC (per NEW DOD Rules)

* Financial Services such as Earned Value Management, Cost Estimation, Accounting System and IPMDAR

* Medical Technology Services such as Medical Device Manufacturing Processes (including FDA Mandated Product Re-call processes, Safety concerns and Clinical efficacy requirements)

CLICK HERE FOR MORE INFORMATION