Lionfish Cyber Security

Cybersecurity Maturity Model Certification (CMMC)

The Cybersecurity Maturity Model, a.k.a. the CMMC model, set forth by the DoD, measures cybersecurity maturity using three levels. It aligns a set of processes and practices to protect your valuable information and deter possible associated threats. CMMC 2.0 consists of maturity processes and cybersecurity best practices from multiple cybersecurity standards, frameworks, and other references, including the basic safeguarding requirements for FCI specified in FAR Clause 52.204-21 and the security requirements for CUI specified in NIST SP 800-171 per DFARS Clause 252.204-7012. CMMC levels 1 through 3 go from a basic cyber hygiene level to an advanced cyber hygiene level.

The purpose of CMMC 2.0 is to establish the level of cyber hygiene your company is required to meet, as stated in RFP sections L and M, so that you can bid on each proposal. The Cybersecurity Maturity Model maps a set of 17 domains and 171 cybersecurity best practices across the different levels. To achieve a given CMMC level, an organization must also achieve all the CMMC levels preceding it. So if your company meets CMMC level 1 but the RFP requires CMMC level 3, you might be unable to bid on the contract.

The CMMC Certification is the official document that certifies your company’s compliance with NIST 800-171. CMMC 2.0 is being created to assess and enhance the cybersecurity posture of the defense industrial base (DIB). Think of the CMMC Certification as a way to verify that appropriate levels of cybersecurity controls and processes are in place to protect CUI (Controlled Unclassified Information) residing on the networks of the department's industry partners. The CMMC Certification entails training and certification followed by assessment by a third-party assessor. When you get CMMC certified, you decrease your company's chances of getting breached and the damage that a breach causes to your company and to the government.

The By-With-Through Model™ from Lionfish Cyber Security helps meet CMMC requirements because it is a self-aid, mentoring program with a command-and-control element that allows for on-demand scaling of training and incident response resources. The BWT Model™ is designed to ensure organizations are proficient in foundational concepts and skills across key areas of cyber security. This is accomplished through an integrated employee training suite, on-the-job training (OJT), participation in a mentoring program, and ongoing support that includes professional managed security services and a 24/7 cyber hotline.

Drawing on the Cyber Maturity Model Certification, the BWT Model™ becomes your organization’s cyber security shield by providing you with the finest training, planning, and support that will significantly improve your ability to defend against cyber-attacks targeting your company and community. This cyber security model certification will dramatically reduce your chances of getting breached.


We follow the “by-with-and-through” mentality of the Army special forces, because the Pentagon's push to protect industrial base networks and controlled unclassified information (CUI) from cyber attacks falls under CMMC.

Defense Industrial Base (DIB) contractors for the Department of Defense (DoD) are required to provide certified assurance based on the CMMC framework. The CMMC framework is a set of mandatory cybersecurity requirements that all contractors within the DoD supply chain will be required to implement and have verified by an independent CMMC Third Party Assessment Organization (C3PAO).

The CMMC framework establishes five certification levels that define the minimum security posture, or cyber maturity, an organization must achieve based on the sensitivity of its information. Eligibility to receive a new DoD contract award or renewal depends on achieving CMMC certification, as outlined in each program’s acquisition strategy or RFP.

The Lionfish CMMC Certification program using the BWT Process™ will bring you to a level of cyber control you can count on…hook, line and sinker.  We are currently offering support for CMMC levels 1-3 as part of our By-With-Through Model™.

Don't Get Underwater...

Certification can be an arduous assignment with a roadmap,
but we know how to kick into action and school your team in the right direction.

  • Are you a Prime Contractor?
    Helping your subs prepare for the Cybersecurity Maturity Model Certification with the Lionfish BWT Model™ brings these benefits:

    • Confidence subs will meet CMMC requirements.
    • System can be co-branded with prime’s logo and colors. Build loyalty with subs.
    • Subs save time and money with one-stop option to learn, implement, monitor and manage CMMC solutions.
    • Ensure subs have ongoing protection and compliance.

  • Benefits of the Lionfish BWT™ managed security service platform:

    • Uniquely credentialed to assist you to qualify for and maintain government contracts
    • Supplement your staffing needs with our seasoned security professionals and apprenticeships
    • Management of routine IT tasks to save you time and focus on your business
    • Affordable enterprise-level managed security services designed specifically for small businesses
    • Proactive Technology Management to prevent malicious activity
    • Cyber awareness training to achieve data care best practices that protect your most valuable assets – customer and employee data
    • We quickly identify, remediate and set up appropriate disaster recovery mechanisms to keep your business running smoothly

  • We are Registered, So We Are Ready to Serve You…

    Lionfish is a CMMC Registered Provider Organization (RPO) and a CMMC Accredited Practitioner™, so we are able to assist you with your CMMC requirements.  As a disabled vet-owned business, we provide guidance and activity-driven models for small businesses that seek to achieve a high standard of cybersecurity excellence and meet the required CMMC levels through cyber deterrence and resilience. We are working towards a world where all businesses are cyber resilient and are no longer easy targets for cyber-attacks. 

    CMMC guidelines require DoD contractors to meet mandatory requirements and go through multiple assessments to prove their CMMC certification level. Lionfish Cyber Security will assist you in determining the CMMC levels of certification the DoD requires of your company, which all begin with minimal cyber hygiene requirements. And we make sure you meet all the required CMMC levels.

What Exactly is CMMC?

The Cybersecurity Maturity Model, a.k.a. the CMMC model, measures a company’s cybersecurity maturity with five levels and aligns a set of processes and practices with the information you wish to protect and the possible associated threats. The CMMC model consists of maturity processes and cybersecurity best practices from multiple cybersecurity standards, frameworks, and other references. The model encompasses the basic safeguarding requirements for FCI specified in FAR Clause 52.204-21 and the security requirements for CUI specified in NIST SP 800-171 per DFARS Clause 252.204-7012. When you meet the required CMMC levels, you significantly reduce your chances of getting breached.

Why Was It Created?

DoD will migrate to the new CMMC framework in order to assess and enhance the cybersecurity posture of the Defense Industrial Base (DIB). The CMMC certification is intended to serve as a verification mechanism to ensure appropriate levels of cybersecurity practices and processes are in place to ensure basic cyber hygiene. The CMMC changed the need for self-assessment and in some cases mandates verification of a company's cybersecurity maturity level by a third-party assessor. The CMMC certification will also help protect controlled unclassified information (CUI) that resides on the industry partners’ networks.

 

Where to Begin…

Below you will find CMMC practices grouped by level and by domain. Each practice contains helpful publicly available cybersecurity resources and clarification from CMMC Model v1.02 Appendix B.

Need guidelines for assessing CMMC practices?

Have questions about NIST 800-171 or CMMC compliance?  We are happy to answer any of your questions about our product offerings.

CMMC Blogs

Getting Ready for New CMMC Requirements Now

Right off the bat, we’re here to tell you that anyone promising you a sure-shot solution to all your CMMC woes is trying to pull a fast one on you. The Cybersecurity Maturity Model Certification (CMMC) is a comprehensive move by the U.S. Department of ...

Achieving CMMC: The Interim DFARS Rule and What It Means for You

The Cybersecurity Maturity Model Certification (CMMC) was formally made part of the Defense Federal Acquisition Regulation Supplement (DFARS) in January 2020. The decision sent over 300,000 members of the defense industrial base (DIB), mostly small and midsize businesses (SMBs), into a state of frenzy. Most ...

Katie Arrington

CISO for DoD Acquisition Office

“Every company within the DoD supply chain — not just the defense industrial base, but the 300,000 contractors — are going to have to get certified to do work with the Department of Defense,” Katie Arrington said at the 2020 Intelligence and National Security Summit. “We get everyone on a level-set playing field for cybersecurity, and then we can really start looking at our supply chain, where our most and greatest vulnerabilities lie and how we can work together in a collaborative event with industry.”