Gailey Solutions is uniquely qualified to help you become CMMC assessment-ready.

Leverage our industry-leading expertise to get you ready for CMMC 2.0 Level 2.

Our Services:

vCISO - "Adult Supervision." This is a journey. We have ex-Federal Program Auditors on staff to guide you on the journey.
CMMC CUI Enhanced Vulnerability Assessment to assist in the determination of in-scope organizational and system environments.
CMMC Gap Analysis to evaluate your organization’s current state of readiness against your targeted CMMC Level.

CMMC - CUI Data Discovery
CMMC Remediation support that prioritizes identified cybersecurity gaps, with guidance to help you achieve certification-ready status.

 

What Should Contractors Do Right Now?

Contractors should expect to see a CMMC requirement for new direct DoD business starting either FY 2024 or FY 2025. Contractors should also expect pressure to comply with CMMC from their prime contractors beginning in late 2023. It can take 6-12 months or longer for an organization to become compliant, depending on maturity, size, complexity, and available resources. An organization may also be dependent on the compliance of its third-party service providers, including MSPs and MSSPs, before the organization itself may become compliant. This adds to the timeline for the contractor and presents a significant risk to the overall compliance program if the third-party provider is unable to become compliant in time or instead chooses to exit the DIB sector altogether.

We are now possibly less than 12 months from rulemaking finalization and the resulting action from prime contractors to verify the compliance of their supply chain (subcontractors). While some aspects of how CMMC will be implemented are still unknown, the actual requirements are set (NIST SP 800-171), have been largely unchanged since 2017 (DFARS 252.204-7012), and are not going to be reduced prior to the CMMC program launch. If anything, they will be increased when NIST SP 800-171 Rev3 is released.

Waiting until the end of this year, or until rulemaking is complete, to begin serious work towards implementing NIST 800-171 will likely result in a contractor becoming less attractive to prime contractors as soon as 2023, and ineligible for contract awards in 2024.

It is our professional recommendation that contractors who currently do business with the DoD begin aligning their environment with NIST 800-171 and CMMC now, to be ready when the requirements are added to new contracts. Organizations that fail to prepare risk losing contracts or being at a competitive disadvantage when bidding on new business.

Gailey Solutions' team is ready to assist your organization in becoming CMMC 2.0 compliant. Our process starts with a Risk Assessment against NIST 800-171 to identify the gaps in your People and Processes, and an Enhanced Vulnerability Assessment and PenTests to assess your Technologies.

 

We deliver a Maturity score and a Prioritized Plan of Action and Milestones (POAM).