Problems
One large, well-known Department of Defense (DoD) contractor of about 2500 employees needed help becoming DFARS compliant. This company is a multinational manufacturer with subsidiaries in the US that have contracts with the DoD.
When they teamed up with SysArc, this manufacturer and its subsidiaries needed help reaching full compliance with DoD cybersecurity standards, including DFARS 252.204-7012 and NIST 800-171. They also needed an overall boost in their cybersecurity to remain protected from cyber threats.
As CMMC updates are enacted, they have also required assistance preparing for future CMMC audits, and SysArc has assisted every step of the way in our role as their fractional Cybersecurity Program Manager.
Solutions
Subsidiary 1: The first step in this organization’s process was to conduct an CMMC/DFARS assessment. This firm had immense compliance gaps. They were out of date with their technology in general, not up to date with required DFARS regulations, and their information was not secure; in fact, they had recently suffered a major breach. They asked us to complete a network refresh of their entire infrastructure.
We assist our clients by conducting an assessment, giving results, then planning for remediation to mitigate compliance gaps. In this case, we were extremely involved in the remediation phase. SysArc implemented a complete network refresh and server hardening project to get their technology, processes, and security up to date.
Subsidiaries 2 & 3: The main hurdle of the next two subsidiaries was that due to the nature of their contracts, these firms are anticipating that they will require a CMMC Level 3 certification in 2021.
They had already begun completing remediation on their own, but they hired SysArc as their CMMC consultant to maintain security standards and ensure they’re in compliance through their CMMC certification. This included completing an assessment, overseeing remediation, and collecting evidence along the way to provide auditors proof of maturity and cybersecurity compliance.
We helped them create a compliance calendar that included such items as a re-assessment against the NIST 800-171 in order to provide an updated score to be entered into the SPRS database, collecting/storing evidence for the audit, updating their SSP and POA&M, etc.
Although CMMC updates are still being rolled out, SysArc has proactively continued to aid this company in its preparation by setting a target date by which their CMMC certification will be completed, creating a plan to achieve that goal, managing their project portfolio, collecting all evidence needed for CMMC audits, and more.
Results
Thanks to Sysarc’s timely, knowledgeable services, these firms are now much more secure overall and very well prepared for a potential CMMC audit in 2021.
In the case of the first subsidiary, a complete network refresh enabled them to mitigate NIST 800-171 and DFARS 252.204-7012 compliance gaps. Their newly updated systems are designed to proactively prevent breaches, giving them optimal security.
The second and third subsidiaries received our dedicated attention when time-sensitive CMMC updates were released, which allowed them to rapidly implement Interim Rule requirements and prepare for future audits with no interruption to their business.
All three organizations received, and continue to receive, the invaluable benefit of advanced security against all cyber threats to their businesses, from ransomware to IP theft and more.
With our help, these companies have tightened security against potential threats and crossed every hurdle they’ve been asked to pass so far, putting them in the best position for CMMC audits and future changes.
SysArc has helped over 1,000 DoD contractors throughout the U.S. navigate the complexities of DFARS, NIST 800-171, and now CMMC. Through our many experiences, we’ve fine-tuned several solutions that enable our clients to prepare to achieve compliance faster and at a lower cost compared to other solutions that have been popping up in the market recently.
Not ready for an assessment? Read our detailed Preparation Guide to CMMC, or visit our CMMC News section for the latest news an updates from the CMMC accreditation Body.