CMMC Compliance

Compliance Made Simple for Small Business

What is NIST / CMMC?

CMMC Compliance for Small Business

The launch of the Cybersecurity Maturity Model Certification (CMMC) program serves as an important and necessary step in the advancement of our country’s ability to protect its people, military, industry, and more. 

For businesses working with the Department of Defense (DoD), the threat grows. CMMC is designed to level up the security of information shared between the Department of Defense and its contractors and subcontractors, and it gives the Department enhanced confidence that Controlled Unclassified Information (CUI) is being protected.


What is CMMC Compliance?

Watch this short 2-minute video to learn about CMMC Compliance and our unique solution for small businesses that need to comply with NIST 800-171, DFARS 7012 and CMMC.

 

Consulting Support for CMMC Compliance

At Core, we offer a modular approach to certification. We have a consulting program and remediation solution for small businesses for just $8,000-$10,000.  We can get you compliant in as little as 2 weeks. We break the requirements down into two broad categories: organizational and technical. We provide NIST/CMMC training for your employees, your management, and your IT Team or MSP (if you outsource your IT needs).

We also assist you in your guided self-assessment. We will help you develop your System Security Plan (SSP), Plan of Action and Milestones (POAM), Roadmap, and budget. Core Business Solutions is a NIST/CMMC registered provider organization (RPO).


What is CMMC Compliance Software?

CORE Vault is a CMMC consulting and remediation solution for small businesses that handle FCI and CUI for the DoD. Watch this short video to learn more about how Core Business Solutions can provide an affordable solution so you can meet your contract requirements.

Customer Reviews

5 stars

Core supported us from the beginning. Our consultant Kaitlin, in particular, always gave us the attention we needed, kept us accountable for getting the project completed, and drove the process from start to finish.  K. Lane - Lockers Manufacturing

Birdeye

Working with Bruce made gaining our ISO Certification very seamless. His knowledge and professionalism were greatly appreciated. I look forward to working with Bruce as we move into the next phase of our ISO journey. Charles W. - Stracpak


My experience with Ty Elliott at Core Business Solutions has been great. We feel very prepared for our audit. This was accomplished with Mr. Elliott leading us on the path with patience and knowledge. We felt confident through the entire process that we would be successful and would definitely recommend Core Business Solutions to anyone desiring to acquire their ISO certification. Joe B. - AMR Plastics Inc.


Great Experience. Extremely knowledgeable. Core made a difficult and demanding process simple. Christian W. - Accele


The Structure of CMMC

CMMC measures cybersecurity at 3 levels, from Foundational to Expert. Businesses that only handle Federal Contract Information (FCI) will require Level 1. Businesses that handle Controlled Unclassified Information (CUI) will require Level 2. Level 3 exists to protect highly sensitive CUI and will be required by a few contractors.

Level 1 (Foundational)

17 Practices

  • For contractors who handle CUI
  • Equivalent to all practices in Federal Acquisition Regulation (FAR) 48 CFR 52.204-21
  • Requires annual self-assessment submitted to Supplier Performance Risk System (SPRS) and affirmed by company leadership.

Level 2 (Advanced)

72 Practices

  • For contractors who handle CUI
  • Comply with the FAR
  • 110 practices from NIST SP 800-171
  • Lower-priority acquisitions will require annual self-assessment submitted to SPRS and affirmed by company leadership.
  • Higher-priority acquisitions will require a third-party assessment every three years.

Level 3 (Expert)

130 Practices

  • For contractors who handle highly sensitive CUI
  • Comply with the FAR
  • 110+ practices from NIST SP 800-171/172
  • Requires government assessment every three years.

Level 1

Foundational

  • Comply with the FAR
  • 17 practices from NIST SP 800-171
  • Annual self-assessment affirmed by company leadership.

Level 2

Advanced

  • Comply with the FAR
  • Encompasses all practices from NIST SP 800-171r1
  • Annual self-assessment or triennial third-party assessment.

Level 3

Expert

  • Comply with the FAR
  • Encompasses all practices from NIST SP 800-171 and a subset from NIST SP 800-172
  • Requires assessment by government every three years

Source: CMMC Model v2.0 Approved for Public Release

Download our free CMMC Guide to learn more or request a quote at info@thecoresolution.com.