We're all set. We are in the cloud

Sounds wonderful no need to do anything for CMMC; after all, you are completely compliant with your implementation of NIST800-171. The problem is CMMC goes beyond NIST800-171. The biggest difference is unlike NIST800-171 you cannot self-certify your compliance. Also unlike previous DAFAR's dictates, compliance is not limited to prime contractors, it requires compliance across the entire supply chain. So when the question is asked do you comply with CMMC you can't just say “yes”. Compliance takes some work to ensure when the auditors arrive be they from the government or from the prime contractor you must have your paperwork in order. You must be able to show that not only can you check your log tables but do you have the means of capturing "events." Do you have a SOP for reporting those events and better yet can you do it in near real time. These are just some of the requirements; CMMC contains another 20 items which are not in NIST800-171.

We at Next Level Systems ( nextlevelsys.com ) are not only compliance experts but we have extensive backgrounds in aerospace, defense and manufacturing. What we can bring to the table are tools which can help you with compliance without having to tie up someone always checking. We have an AI tool which discovers unusual events and isolates those events, this alone lowers the cost of compliance. Our review of your computer and manual systems will get you to compliancy without costing an arm and a leg. If need be we can do the review remotely if required.

CMMC is here it is starting to appear in RFIs and RFPs it has some teeth. It is different and if you do any defense work it will affect your business.

Give us a call we can give you a little education 203-834-1218 or shoot us an e-mail

[email protected] for Brian O'Connor

[email protected] for Alan Knapp