Helping Small Companies and Startups with CMMC

As the draft Cybersecurity Maturity Model Certification (CMMC) begins to percolate among industry after the draft v0.4 was released earlier this month, some believe that the rules could impede the ability of small businesses and startups to do business with the Department of Defense (DoD). In a recent FCW article “Alexander Major and Franklin Turner, partners and co-leads for government contracts at McCarter & English LLP, told FCW that the rules could have a negative impact on small businesses and startups. And because this standard, as it is now presented, would broadly include any company in the DoD supply chain, that opens up more companies that would have to comply -- or risk losing business.” While it is broadly agreed that a unified and stable cyber standard has been desperately needed, it should not preclude the DoD from leveraging small business and startups.

When the Defense Federal Acquisition Regulation Supplement (DFARS) rule 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting was released nearly three years ago, Ascolta thought the exact same thing, how were small businesses going to 1) be able to afford cybersecurity at this new level? and 2) How were they going to find experienced cybersecurity professionals to manage it for them in an ever shrinking talent pool?

We set to work and developed what we thought was the perfect solution for small businesses and startups to quickly, easily and in an affordable manner meet requirements to easily meet the DFARS requirements and now obtain a CMMC certification. Ascolta’s Greenfield is designed specifically to provide turnkey National Institute of Standards and Technology (NIST) Special Publication 800-171 compliant cloud environments, designed to protect customer data to Defense Federal Acquisition Regulation Supplement (DFARS) standards. Our environments are Cybersecurity Maturity Model Certification (CMMC) ready and will meet the Good Cyber Hygiene rating (CMMC Level 3) required for contracts involving Controlled Unclassified Information (CUI). We provide customers with the necessary security documentation to include policy templates, Systems Security Plan (SSP) and a Plan of Action and Milestones (POAM) if needed. We’ll provide everything required to undergo a third-party CMMC certification.