WHAT IS THE CYBERSECURITY MATURITY MODEL CERTIFICATION
How Did We Get Here
Executive Order 13556, signed by President Obama in 2010, directed all Federal agencies to safeguard their Controlled Unclassified Information (CUI) and established a unified policy for all agencies to follow for data sharing and transparency. DFARS Clause 252.204-7012 requires contractors / sub-contractors to:
Provide adequate security to safeguard covered defense information that resides on or is transiting through a contractor’s internal information system or network
Report cyber incidents that affect a covered contractor information system or the covered defense information residing therein, or that affect the contractor’s ability to perform requirements designated as operationally critical support
Submit malicious software discovered and isolated in connection with a reported cyber incident to the DoD Cyber Crime Center
Submit media (if requested) and additional information to support a damage assessment
Flow down the clause in subcontracts for operationally critical support, or for which subcontract performance will involve covered defense information.
Since December of 2017, Department of Defense (DoD) contractors were required to assess and document their compliance in accordance with NIST 800-171 to self-attest their compliance with the DFARS Clause. DoD contractors are now required to comply using a maturity model in accordance with CMMC Levels 1 through 5. CMMC dictates how contractors and sub-contractors doing business with Federal agencies should manage and control CUI.
Details the security requirements to protect confidentiality of Federal Contract Information, CDI, or CUI on non-Federal information systems.
Security requirements are organized into 14 control families
Each family contains the requirements related to the general security topic of the family, and the families contain a total of 110 individual controls/requirements.
Why Do We Need CMMC
Billions of Dollars Stolen
Safety of Our Service Members Relying on Technology DoD Purchased
Damage to Our Economy
Damages to Our Companies from Insider Threats
What Are The Challenges
Cost of implementation
Interpretation of The Requirements
What Solutions Are Needed
What Is and Is Not Compliant
How to Remain Price Competitive
CMMC presents many challenges to DoD contractors. Let Us Help
Working with Hyper Vigilance provides you with a simple, affordable, and scalable set of solutions to comply quickly. Our solutions and team of experts will take you from non-compliant to CMMC compliant quickly and keep you that way.
Cybersecurity logging, intrusion detection, event analysis, and incident response are required daily by CMMC. We will deploy, collect, review, and respond to threats in real-time to meet compliance and to ensure intruders are stopped to avoid a security breach.
We are here for you and will work alongside you, whether that's providing support for an audit or ensuring the daily, weekly, monthly, and annual compliance activities are completed and documented.
Managed IT Services
Do you need support to remotely manage your IT assets? We will ensure your IT assets are protected, updated, and compliant with CMMC without disrupting end-user productivity.
How It Works
CMMC LEVEL 1
SOLUTIONS & SERVICES
CMMC Compliance Assessment
Policy Development Support
CMMC Security Implementation Guides
Managed IPS & Firewall
CMMC LEVEL 2
CMMC LEVEL 1 PLUS
Log Monitoring & Analysis
Vulnerability Scans & Analysis
Security Awareness Program
Systems Security Plan
CMMC LEVEL 3
CMMC Level 2 Plus
Intrusion Detection & Response
Advanced Threat Prevention
Mobile Security Management
Application & Device Control
Data Loss Prevention
THE FOUNDERS OF HYPER VIGILANCE
We are disabled combat veterans with a passion to serve our customers, our nation, and the Defense Industrial Base to ensure the safety of the world and security of your business.
CEO – Founder
Served in the US Marines, Intelligence Agencies, and Private sector preventing, detecting, and deterring attacks. John is a passionate cybersecurity expert that loves what he does, which is protecting you and your business.
COO – Founder
Over 15 years of experience serving in the US Army and the Defense Department building, securing, and managing complex IT Enterprise systems around the world. Giancarlo has a passion for finding cost-effective and cutting-edge solutions to make businesses more secure without breaking the bank.
This depends on a lot of factors, such as whether you currently control and manage your company's devices locally and remotely. Can you deploy software to remote machines? Do you have a firewall, endpoint protection, and security configurations implemented on servers and workstations? For organizations with more mature Information Technology practices, getting CMMC compliant could take as little as 2 months. For less mature Information Technology practices, getting CMMC compliant could take as little as 4 months.
First and foremost, it would be a pleasure to work for you and partner with your organization. We begin with a preparation phase to learn your organizational structure, business practices, sensitive data types, and critical assets you host within your organization. A one-size-fits-all approach doesn’t work in cyber security, so we work with you to implement tailored solutions that meet your compliance requirements but don’t have a substantial impact on productivity, end-user experience, and existing infrastructure.
No, we will not be an assessor. We are tightly entwined with third-party assessors, so we are happy to refer one. Our goal is to provide the technical solutions, processes, and services so that your organization can become compliant and have good cyber-hygiene institutionalized in your organization as stated in the latest CMMC documentation. We will implement a list of solutions as well as create the assessment documentation required to be ready for an audit. Our team of experts will also provide audit support, so when an auditor does come on-site our team is there to assist with providing documentation and evidence for compliance.
Yes, this is our expertise and our 24/7 Security Operations Center will be on constant alert in search of changes to your environment as well as malicious activity from both external threat actors and insider threats. Our team will identify events, analyze them and respond accordingly to contain, eradicate, and assist your team in recovering if needed. We also provide forensic analysis on incidents so we can capture all the required artifacts and then supply and report incidents appropriately to the Department of Defense in compliance with the DFARS clauses.
Yes, our customers must meet minimum security requirements in order for us to deploy, configure, and monitor your networks and endpoints. First, you need a remote management capability to deploy software to servers and workstations. Additionally, we require that your IT infrastructure has up-to-date supported operating systems, active endpoint protection, a patching process to manage vulnerabilities, and a basic firewall capability. Don’t worry if you don’t meet these requirements; we will work with you to get those capabilities in place if they are not currently implemented, as they would be required for CMMC compliance.
Our initial response to this question is no. The only times we will ask you to consider new software or hardware are if we absolutely cannot get those assets compliant and/or if adopting new software can save the organization money. We have been successful finding efficiencies for all of our customers. For example, we saved one of our customers over $100,000 in yearly IT software and services by implementing smart and compliant solutions.
The first year is a 12-month contract. Compliance is a journey, and in order to get it right we must ensure our customers understand that up front. After the initial 12 months, the contract moves into month-to-month contract terms. Our pricing is spread over twelve months, avoiding upfront costs and annual fees. We bill our customers on the first of the month for the services and solutions we provide as an operating expense versus a capital expense.
Our team has been performing NIST-171 compliance assessments and solution development since 2017. Prior to that, many have helped transition the Department of Defense major systems to NIST 800-53, which contains over 400 security controls. NIST 800-171 is a subset of NIST 800-53 controls. CMMC maps to and references many NIST controls, which our team has reviewed, updating our solutions as well as our testing plans to ensure you are ready for a third-party audit. Our team also has extensive years of experience implementing and sustaining systems that comply with the CERT Resilience Management Model (CERT-RMM), CIS Critical Security Controls, and other similar maturity models such as ISACA’s Capability Maturity Model Integration (CMMI).
Yes, we actually implement everything in our organization as we would do in yours. We take extreme measures to ensure all data in transit and at rest are highly secure, using restrictive access controls, data loss protection measures, application controls, sovereignty controls, and conditional access measures.
Pricing is based on two main factors: how large your organization is (endpoints, users, servers) and what maturity level you want to be audited for. We offer packages based on the CMMC Levels 1 through 5 to make it simple to understand. Please contact Hyper Vigilance so we can meet all your security and compliance needs today.