CMMC Services

The US Defense Industrial Base (DIB) sector is constantly under attack by malicious nation-state actors seeking to penetrate the information systems and networks of DIB companies with the intent to steal sensitive technical data about US warfighter programs. The DIB consists of more than 350,000 companies that support the research and development of highly sophisticated defense systems, as well as the engineering, production, operation and maintenance of those systems. The CMMC Compliance Framework is a step towards securing the DIB supply chain to mitigate the risk of intellectual property theft and increase national security.

The CMMC model measures the cybersecurity maturity of organizations at three levels, each with a set of processes and practices that companies need to follow to protect sensitive information at that level. CMMC 2.0 is the latest version of the CMMC model, and it was released in July 2021.

CMMC Consultation and Advisory

Mrisan provides comprehensive services where its information security experts and Registered Practitioners (RPs) provide advice on the CMMC requirements, best practices, and strategies for achieving certification by understanding an organization’s unique operational environment and offering tailored solutions.

Gap Analysis

Mrisan RPs begin by conducting a Gap Analysis, assessing an organization’s current cybersecurity posture against the requirements of the CMMC. They identify the gaps in practices and processes, and provide recommendations to achieve the organization’s desired maturity level.

Implement Security Controls

Mrisan RPs then work closely with the organization to formulate or update its policies, processes and practices, implement security controls, and prepare it for CMMC assessments so that it becomes CMMC compliant. This includes fixing identified vulnerabilities, enhancing cybersecurity infrastructure, and training personnel.

Training and Awareness

To maintain a strong cybersecurity posture, continuous training and awareness are essential. Mrisan provides training modules for employees and stakeholders on CMMC requirements, cybersecurity best practices, and potential threats. Mrisan also conducts phishing and smishing exercises as part of its social engineering services to assess the efficacy of the training and awareness exercises.

Audit and Assessment Support

Before the official CMMC assessment, Mrisan RPs conduct mock audits to help organization personnel prepare. This helps them understand the assessment process, identify areas of concern, and ensure they are fully prepared for the real audit. Mrisan RPs also support the customer during the assessment process, helping them provide organized documents, evidence and other needed guidance. Mrisan also aids organizations in navigating the certification process, connecting them with Certified Third-Party Assessment Organizations (C3PAOs), and ensuring all requirements are met for a successful assessment.

Continuous Monitoring

Cyber threats evolve, and maintaining compliance requires ongoing monitoring. Mrisan offers tools and expertise to continuously monitor an organization’s environment for vulnerabilities, ensuring it remains compliant and secure. Mrisan RPs also help organizations manage their POAMs and implement controls in a timely manner as part of their remediation services.

Incident Response Planning

Cyber incidents can happen even with the best defenses. Mrisan RPs help organizations develop and test incident response plans, ensuring quick and effective action during cybersecurity events.

CMMC Audit Services

Mrisan has a team of experienced CMMC Certified Practitioners (CCPs) who work as audit team members in audits conducted by C3PAOs.