Lionfish Cyber Security

Cybersecurity Maturity Model Certification

The CMMC model set forth by the DoD measures cybersecurity maturity using five levels. It aligns a set of processes and practices to protect your valuable information and deter possible associated threats. The model consists of maturity processes and cybersecurity best practices from multiple cybersecurity standards, frameworks, and other references, including the basic safeguarding requirements for FCI specified in FAR Clause 52.204-21 and the security requirements for CUI specified in NIST SP 800-171 per DFARS Clause 252.204-7012.
The By-With-Through Model™ from Lionfish Cyber Security helps meet CMMC requirements, because it is a self-aid, mentoring program with a command-and-control element that allows for on-demand scaling of training and incident response resources. The BWT Model™ is designed to ensure organizations are proficient in foundational concepts and skills across key areas of cyber security. This is accomplished through an integrated employee training suite, on-the-job training (OJT), participation in a mentoring program, and ongoing support that includes professional managed security services and a 24/7 cyber hotline.
The BWT Model™ becomes your organization’s cyber security shield by providing you with proper training, planning, and support that will improve your ability to defend against cyber-attacks targeting your company and community.
We follow the “by-with-and-through” mentality of the Army special forces, because the Pentagon's push to protect industrial base networks and controlled unclassified information (CUI) from cyber attacks falls under CMMC.   

Defense Industrial Base (DIB) contractors for the Department of Defense (DoD) are required to provide certified assurance based on the CMMC framework. The CMMC framework is a set of mandatory cybersecurity requirements that all contractors within the DoD supply chain will be required to implement and have verified by an independent CMMC Third Party Assessment Organization (C3PAO).

The CMMC framework establishes five certification levels that define the minimum security posture, or cyber maturity, an organization must achieve based on the sensitivity of its information. Eligibility to receive a new DoD contract award or renewal depends on achieving the CMMC certification level outlined in each program’s acquisition strategy or RFP.

The Lionfish CMMC program using the BWT Model™ will bring you to a level of cyber control you can count on…hook, line and sinker.  We are currently offering CMMC Level 1-3 support as part of our By-With-Through Model, with additional fees for Levels 4 & 5 available.

Don't Get Underwater...

Certification can be an arduous assignment with a roadmap,
but we know how to kick into action and school your team in the right direction.

  • Are you a Prime Contractor?
    Helping your subs prepare for CMMC with the Lionfish BWT Model™ brings these benefits:

    • Confidence subs will meet CMMC requirements.
    • System can be co-branded with prime’s logo and colors. Build loyalty with subs.
    • Subs save time and money with one-stop option to learn, implement, monitor and manage CMMC solutions.
    • Ensure subs have ongoing protection and compliance.

  • Benefits of the Lionfish BWT™ managed security service platform:

    • Uniquely credentialed to assist you to qualify for and maintain government contracts
    • Supplement your staffing needs with our seasoned security professionals and apprenticeships
    • Management of routine IT tasks to save you time and focus on your business
    • Affordable enterprise-level managed security services designed specifically for small businesses
    • Proactive Technology Management to prevent malicious activity
    • Cyber awareness training to achieve data care best practices that protect your most valuable assets – customer and employee data
    • We quickly identify, remediate and set up appropriate disaster recovery mechanisms to keep your business running smoothly

  • We are Registered, So We Are Ready to Serve You…

    Lionfish is a CMMC Registered Provider Organization (RPO) and a CMMC Accredited Practitioner™, so we are able to assist you with CMMC requirements. As a vet-owned business, we provide guidance and activity-driven models for small businesses that seek to achieve a high standard of cybersecurity excellence through cyber deterrence and resilience. We are working towards a world where all businesses are cyber resilient and are no longer easy targets for cyber-attacks.

    CMMC guidelines require DoD contractors to meet mandatory requirements and go through multiple assessments to prove their certification level. Lionfish Cyber Security will assist you in determining the CMMC levels of certification the DoD requires of your company, which all begin with minimal cyber hygiene requirements.

What Exactly is CMMC?

The CMMC model measures cybersecurity maturity with five levels and aligns a set of processes and practices with the information you wish to protect, and possible associated threats. The model consists of maturity processes and cybersecurity best practices from multiple cybersecurity standards, frameworks, and other references.  The model encompasses the basic safeguarding requirements for FCI specified in FAR Clause 52.204-21 and the security requirements for CUI specified in NIST SP 800-171 per DFARS Clause 252.204-7012.

Why Was It Created?

DoD will migrate to the new CMMC framework in order to assess and enhance the cybersecurity posture of the Defense Industrial Base (DIB). CMMC is intended to serve as a verification mechanism to ensure appropriate levels of cybersecurity practices and processes are in place to ensure basic cyber hygiene. It will also protect controlled unclassified information (CUI) that resides on the Department’s industry partners’ networks.

Where to Begin…

Below you will find CMMC practices grouped by level and by domain. Each practice contains helpful publicly available cybersecurity resources and clarification from CMMC Model v1.02 Appendix B.

Need guidelines for assessing CMMC practices?

Have questions about NIST 800-171 or CMMC compliance?  We are happy to answer any of your questions about our product offerings.

CMMC Blogs

Getting Ready for New CMMC Requirements Now

Right off the bat, we’re here to tell you that anyone promising you a sure-shot solution to all your CMMC woes is trying to pull a fast one on you. The Cybersecurity Maturity Model Certification (CMMC) is a comprehensive move by the U.S. Department of ...

Achieving CMMC: The Interim DFARS Rule and What It Means for You

The Cybersecurity Maturity Model Certification (CMMC) was formally made part of the Defense Federal Acquisition Regulation Supplement (DFARS) in January 2020. The decision sent over 300,000 members of the defense industrial base (DIB), mostly small and midsize businesses (SMBs), into a state of frenzy. Most ...

Katie Arrington

CISO for DoD Acquisition Office

“Every company within the DoD supply chain — not just the defense industrial base, but the 300,000 contractors — are going to have to get certified to do work with the Department of Defense,” Katie Arrington said at the 2020 Intelligence and National Security Summit. “We get everyone on a level-set playing field for cybersecurity, and then we can really start looking at our supply chain, where our most and greatest vulnerabilities lie and how we can work together in a collaborative event with industry.”