Cybersecurity Maturity Model Certification
CMMC Level 1: Self-Attest vs. requiring 3rd party certification
CMMC Level 2: Expected to require C3PAO certification (awaiting final rules making process)
CMMC Level 3: if/when it comes out it is anticipated that will require C3PAOs to conduct the Level 2 and DIBCAC to conduct the Level 3 – await the DoD and CMMC-AB directives
What is CMMC?
Who is CMMC for?
What are the levels of CMMC?
How does CMMC certification work?
Once your management system is established, you can start the process of getting it certified with DQS. We will work with you to discuss goals of CMMC certification and get you a detailed quote tailored to the needs of your company.
Project planning begins with the schedule mutually agreed upon dates for your initial assessment(s) and coordinating multiple sites if applicable. An optional gap assessment can also be scheduled to help you identify the strengths and points of improvement in your management system in advance.
The certification process itself begins with review and evaluation of system documentation, goals, results of management review and internal audits. The Stage 2 Audit occurs after the successful Stage 1 Audit. The assigned audit team will assess the client’s management system at the place of production or service delivery. Applying defined management system standards and specifications, the audit team will evaluate the effectiveness of all functional areas as well as all management system processes, based upon observations, interviews, review of pertinent documents and records, and other assessment techniques.
The independent certification function of DQS Inc. will evaluate the audit process and its results, and make an independent certification decision about issuance of the certificate. The client receives an assessment report, documenting the assessment results. When all applicable requirements are fulfilled the client also receives the certificate.