CMMC Certification

Protecting the United States from Cyber Threats

The threat of cyber attacks keeps consumers, CEOs and Boards of Directors awake at night. Furthermore, organizations that support government entities, like the Department of Defense (DoD), remain at high-risk as the valuable information they create, process or store can jeopardize the safety and security of the U.S. in the hands of foreign adversaries, hacktivists, organized crime and other threat actors. To mitigate these risks, the DoD is requiring all suppliers that implement cybersecurity measures to be in compliance with CMMC practices.

What is the Cybersecurity Maturity Model Certification (CMMC)?

Developed by the DoD, the Cybersecurity Maturity Model Certification (CMMC) is a program to ensure that all Defense Industrial Base (DIB) contractors meet cybersecurity requirements for handling controlled unclassified information (CUI) and federal contract information (FCI). While rulemaking is still being finalized, it is important now more than ever to become an Early Adopter by considering ABS Quality Evaluations, Inc. (ABS QE) as your Certified Third-Party Assessment Organization (C3PAO).

What's Next? Partner With a Trusted C3PAO

ABS QE is ready to help your organization meet CMMC 2.0 requirements. With over 30 years of experience providing globally accredited business assurance services, ABS QE is one of the first companies to be certified as a C3PAO authorized by the CMMC Accreditation Body (Cyber AB). As a C3PAO and Licensed Training Provider (LTP), we provide assessments and programs that support organizations like yours in their compliance journey.

Readiness Review

The Basic Readiness Review includes a System Security Plan (SSP) review against the 110 CMMC controls and objectives, CUI data flow review, network topology and diagram review, hardware and software asset list review, Plan of Action and Milestone (POA&M) Confirmation, CMMC scope verification, shared responsibility matrix review and SRPS confirmation.

Gap Assessment*

The Gap Assessment is a mock assessment. After the assessment, your organization will receive an Executive Summary and Assessment report that addresses each of the 110 security controls. From here, it will be up to your organization to remediate your environment. If desired afterward, ABS QE can also perform a CMMC certification assessment.

Joint Surveillance Voluntary Assessment Program (JSVAP)

The JSVAP is a pilot program authorized by the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) assessment team that allows DIB contractors with an active DoD contract to undergo a DIBCAC NIST 800-171 assessment. Upon successfully completing a JSVA with a score of 88 or above, you will be eligible to receive a CMMC Level 2 certificate that will be valid for three years once CMMC rulemaking is completed.

C3PAO Certification Assessment*

A C3PAO Certification Assessment is an official assessment for CMMC certification and is conducted in 2 phases via two separate work orders. Upon the successful completion and passing of Phase 1 Planning, the Phase 2 Certification Assessment work order is executed. ABS QE will then provide results to your organization and the Cyber AB.

*No consultation or remediation advice is provided. 

Why ABS Quality Evaluations?