CMMC preparation

New cybersecurity standards required for Department of Defense contractors

New guidelines mandate all DOD suppliers complete CMMC assessments as a future contract requirement. Learn more about the CMMC and action you need to take.

The Department of Defense (DOD) is transitioning to a more structured approach relying on the Cybersecurity Maturity Model Certification (CMMC). The CMMC mandates all DOD suppliers – both prime and subcontractors – need CMMC compliance to participate in contract opportunities.

CMMC preparation action steps

Contractors need to do the following to prepare for CMMC compliance:

  • Determine the appropriate level of the CMMC based on the organization’s situation;
  • Identify gaps in current cybersecurity practices relating to the targeted CMMC level; and
  • Ensure the necessary cybersecurity practices are performed in accordance with the CMMC requirements.

Signs you may need assistance

Whether an organization is relatively new to this area or an experienced contractor, the CMMC presents risk to most contractors. An organization may need assistance if it is unsure of how to comply with the CMMC or has not established cybersecurity practices that comply with its desired CMMC level.

cybersecurity-email-series New call-to-action

AGH designated as a Registered Provider Organization by CMMC Accreditation Body

As a Registered Provider Organization (RPO), as designated by the CMMC Accreditation Body, AGH’s team of Registered Practitioners can assist contractors in preparing for CMMC compliance. AGH can help identify gaps between a contractor's current practices and those required by the CMMC. AGH professionals can also help contractors advance their cybersecurity practices in anticipation of bidding on contracts that will require higher CMMC compliance.

AGH is one of the first RPOs in the State of Kansas. AGH’s cybersecurity professionals have the proven experience and knowledge to help distill complex frameworks into specific actions. Like the DOD, AGH understands the value and importance of small- and medium-size contractors and the unique cybersecurity situations they face.

Get started today to remain a valued DOD contractor

Given the critical nature of this new DOD requirement, contractors should begin evaluating their assessment readiness. AGH can help. Preparing for the CMMC will take time but working with AGH’s experienced professionals will help ensure the process is effective and resources are used efficiently.

Ready to get started? Contact Brian Johnson using the information below.

Brian Johnson

Senior Vice President
Technology Services

Brian joined AGH in 1992. He leads the firm’s technology services practice where he helps clients achieve measurable performance improvements through the delivery of specialized, competency-based information systems management, assurance, and advisory services. He has extensive experience in information security, network engineering, and solution development, with recognized specializations in governance, risk, control, and related consulting services.

Brian is a member of ISACA (previously known as the Information Systems Audit and Control Association), the Kansas Society of Certified Public Accountants (KSCPA), the American Institute of Certified Public Accountants (AICPA), the AICPA’s Information Management and Technology Assurance (IMTA) Section, and the Association for Supply Chain Management (ASCM). He is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), Certified in Risk and Information Systems Control (CRISC), Certified Data Privacy Solutions Engineer (CDPSE), and Certified in Production and Inventory Management (CPIM).

Brian is also a Certified Public Accountant (CPA) and a graduate of Wichita State University, where he earned Master of Accountancy and Bachelor of Business Administration degrees.

Information security is more than technology, it requires educated staff.
See how we can help identify and mitigate your security vulnerabilities.