Cybersecurity Maturity Model Certification (CMMC)

Helping your business understand and comply with new CMMC regulations

US Department of Defence (DOD) contractors and the entire government contracting supply chain are facing more sophisticated cybersecurity challenges, made increasingly more complicated with the continued threat of third-party breaches of controlled unclassified information (CUI). In response to the increased need for security measures, the DOD recently released the Cybersecurity Maturity Model Certification (CMMC) to enhance the information security expectations that its prime contractors and subcontractors in the defence industrial base (DIB) must maintain in order to protect CUI.

To help improve the protection of CUI, as well as the effectiveness of the supply chain’s cybersecurity posture, the DOD released CMMC 2.0 on November 4th, 2021. The CMMC framework defines a new, tiered approach of certifying the cybersecurity posture of all organizations that provide goods and services to the DOD, regardless of the amount of confidential data (e.g., CUI) they handle. Approximately 350,000 contractors and subcontractors within the DIB will be required to be CMMC certified to continue working on or seeking out new DOD contracts.

Developing your CMMC compliance plan

RSM’s risk consulting team has decades of experience working with government and provincial contractors. We routinely work with organizations like yours, helping navigate difficult business decisions and balance potential revenue loss from lost contracts with the cost of compliance. Our experienced team provides the key insights and advice you need to implement a comprehensive and effective CMMC compliance program.

We know that achieving and maintaining compliance with the CMMC requirements can be a challenge for some organizations. Our CMMC advisory services can help you build a repeatable, efficient process for achieving and sustaining compliance, minimizing the scope and rightsizing your cybersecurity program. Some of the related services that RSM offers include:

Assessing your readiness for the new CMMC requirements, including identifying gaps and developing action plans to close them
Helping to implement or streamline your CMMC compliance program by:
- Identifying business processes related to storage, transmission and the processing of DOD-related information
- Minimizing the scope of systems that must be certified based on how DOD information flows through your environment
- Improving the design and implementation of security practices and controls to reduce ongoing efforts to maintain compliance 
Developing and implementing policies, processes and technologies required to close any compliance gaps that you’ve identified

: RSM carries the necessary certifications to give you confidence in the effectiveness of your CMMC compliance program. RSM is certified as a Registered Provider Organization (RPO), allowing our team to provide qualified consulting and recommendations to meet CMMC compliance obligations. In addition, we are one of the few firms to receive candidate approval as a CMMC Third-Party Assessor Organization (C3PAO). While organizations were previously allowed to self-certify compliance under Defence Federal Acquisition Regulation Supplement (DFARS) 252.204.7012, CMMC now mandates that an independent C3PAO must advise on and perform periodic certification assessments.

The CMMC framework can be difficult to implement and maintain, but compliance is required to continue doing business with the DOD. Contact RSM to learn how we can design and implement an effective compliance program that brings your security processes, practices and controls in line with new regulations.

Additional insights and solutions to achieve your organization’s goals

Experience the power of being understood

Connect with our risk, fraud and cybersecurity professionals today.

Contact RSM today

Stay up to date on what matters most to your business.

Let us know your personal preferences for topics, industries and services to start receiving RSM updates in your inbox. Get the most from insights, events and offers from our team of first-choice advisors.

Subscribe now >

THE POWER OF BEING UNDERSTOOD

AUDIT | TAX | CONSULTING

RSM Canada LLP is a limited liability partnership that provides public accounting services and is the Canadian member firm of RSM International, a global network of independent audit, tax and consulting firms. RSM Canada Consulting LP is a limited partnership that provides consulting services and is an affiliate of RSM US LLP, a member firm of RSM International. The member firms of RSM International collaborate to provide services to global clients, but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit rsmcanada.com/about for more information regarding RSM Canada and RSM International.

Featured technologies

Platform user insights and resources

About RSM

Experience RSM

Spotlight on culture

Work with us