Cybersecurity Maturity Model Certification & Government Risk Management and Compliance
One of the latest and potentially most impacting certifications in the Governance, Risk Management and Compliance area for DoD contractors and sub-contractors is Cybersecurity Maturity Model Certification (CMMC). This site isn’t a primer on CMMC; there are plenty of good ones of those available already.
Think specializes in understanding what CMMC means to your business. Compliance is one thing. It’s not all that easy to achieve and we have an answer for that, but being able to “see” how your operations, systems, policies and people align to CMMC requirements is entirely another.
The one thing we will say about CMMC is that it is different. It requires that processes are “institutionalized” and that cyber hygiene becomes part of your business DNA. You cannot bolt-on or simply document policies and reach any level of CMMC. It goes much deeper than that and it should. A key difference with CMMC is the removal of a self-attestation component. You will be audited and you must reshape operations to resolve any non-compliant areas.
There is good news though; certification for CMMC levels can be evaluated for an enterprise network or for a particular segment(s) or enclave(s), depending upon where information to be protected is handled and stored.
Where is that for you?
Operations Modeling will enable you to see your current state, map people, processes and systems to it, and then map CMMC requirements to all applicable areas. The result is a solid understanding of CMMC on your operations. Better yet, it provides the ability to plan modifications, assess work needed and to future-proof your operations in order to become and remain compliant.
Think’s partnership with BusinessOptix enables us to model all of this information using industry standards (BPMN) in a single tool. We do not draw “pictures” of processes in Visio or some other visual tool. We used to do that. But we’ve needed to adopt innovation in this area ourselves.
In the hands of our analysts, we will model your operations in BusinessOptix, to the extent needed for CMMC. Proper modeling produces visual information that is more than a picture, it is a visual representation of how your business runs or could run. It is significantly easier and faster to run scenarios and identify changes when modeling is done correctly.
The other half of our solution is CMMC expertise. This is where we have chosen to partner with Edwards Performance Solutions . Think’s expertise is in transforming business and operations. We break-down things that need to get done and follow through until they are. Edwards has invested heavily in cyber professionals who know CMMC. When you combine these two sets of expertise along with the right tool, you get an unbeatable combination.