top of page

CMMC Update 9/22/2020

Updated: May 17

The DoD’s chief information security officer for defense acquisition and lead for CMMC, Katie Arrington, recently said, “Don’t wait for the CMMC to take effect to take good security measures.” Arrington noted that the CMMC is what is needed now to validate the prime-sub contractor relationship.

Arrington also touched on the importance of the supply chain. The CMMC will lay bare the supply chain and the reliability of its suppliers, she noted, observing that the COVID-19 pandemic has provided a new awakening in the importance of the supply chain. “We are focusing on illuminating the supply chain,” she offered.

Is your company part of America’s supply chain? If you are an addressee on this email, then, yes you are a part of America’s supply chain.

ISOP Solutions Inc. is definitely part of it, as we are working with our customers to accelerate their compliance to CMMC by using internationally proven solutions.

  1. Implementing ISO/IEC 27001 for information security to satisfy many of the CMMC Maturity Level (ML) practices for Information Security.

  2. Implementing ISO/IEC 20000-1 for information technology services to satisfy many of the CMMC Maturity Level (ML) practices for Asset Management and Configuration Management.

  3. Implementing ISO 9001 for Quality Management System to satisfy many of the CMMC Maturity Level (ML) practices for Awareness & Training, Documentation Management, Risk & Opportunity, and Policy Management.

For our clients that have the three ISO standards listed above you may already have all controls in place to comply with ML-1 but simply need us to review and modify those to ensure the 17 practice areas.

As a reminder, ISOP Solutions has registered with the CMMC-AB to be a Certified Third-Party Assessment Organization (C3PAO) which will manage Assessors. Our CMMC Assessor is now undergoing training.

And ISOP Solutions has also registered with the CMMC-AB to be a Registered Provider Organization (RPO) which will manage RPs. Our RPs are now in training to assist our clients.

Again, there has still been no CMMC pricing structure for RPO RP implementations or C3PAO Assessments provided.

Look for our latest CMMC update next week.


bottom of page