Cybersecurity Maturity Model Certification (CMMC) is a set of cybersecurity standards that organizations can use to measure and improve the security of their information systems. The United States Department of Defense (DoD) developed this certification as a preventive measure against increasing cyberattacks on government contractors and their supply chains.
At BTI, our mission as a certified assessment provider (C3PAO), training provider (LTP), and implementation expert is to help your organization achieve your required CMMC level.
Select Your Step in the User Journey
We provide several services based on where you’re at in the certification process. Where do you want to start?
I’m interested in CMMC advisory services: If you are starting your journey, we can offer guidance for which steps you should take.
I want CMMC training: When you need to take steps to achieve certification, our team can help you understand what’s necessary for full compliance and learn how to take the necessary steps to achieve this goal.
I’m ready for my CMMC assessment: Once you are ready to begin, we’ll assess areas like your company’s cybersecurity procedures, technical controls, policies, and documentation to see how prepared you are for potential breaches.
CMMC services are designed to help your company protect sensitive data and comply with Cybersecurity Maturity Model Certification. This certification will prove that you have implemented a robust cybersecurity program capable of protecting sensitive information and allow you to work with the DoD, as CMMC for DoD contractors is a government requirement.
These services include:
Assessment and gap analysis: Our team will conduct a thorough assessment of your organization’s current cybersecurity practices and find the gaps between your existing framework and the CMMC requirements.” add to this “NIST 800-171 results are reportable now in PIEE and CMMC results results as required by specific contract.
Policy and procedure development: We can help your company develop and implement a comprehensive cybersecurity infrastructure.
Technical implementation: Our experts will assist you in configuring your systems and controls in accordance with policy to comply with NIST 800-171 and CMMC Level 1 or 2.
Level 1 (Foundational)
Basic Cybersecurity Practices
The lowest level of security controls a government contractor must have in place to earn a Cybersecurity Maturity Model Certification. All DIB contractors and subcontractors require at least CMMC Level 1 compliance to do business with the DoD. Level 1 demonstrates that an organization has the basic security controls in place to adequately protect FCI, which is not intended for public release. Level 1 has 17 practices that qualified government contractors should meet.
Level 2 (Advanced)
Intermediate Cybersecurity Practices
Level 2 is the transitional phase between basic security measures to protect FCI and the measures required for sound protection of CUI. This is the bridge between baseline requirements and the authorization to handle sensitive data. Reaching this level indicates that a contractor is working towards good cyber hygiene while continuing to establish the processes needed to protect CUI. To obtain this level, contractors must demonstrate they have 72 specific security practices in place.
Level 3 (Expert)
Advanced Cybersecurity Practices
Organizations that have reached CMMC Level 3 have should already have the basic security controls in place needed to protect sensitive data. Level 3 requires that an organization establish, maintain, and resource a plan demonstrating the management of activities for practice implementation. The plan may include information for missions, goals, project plans, resources, required training, and involvement of relevant stakeholders. Building on the security requirements of Levels 1 and 2, obtaining Level 3 indicates a contractor has put 130 cybersecurity requirements in place.
CMMC impacts organizations that work with the DoD and must protect sensitive information that is critical to national security. These companies must meet specific CMMC certification levels before they bid on contracts.
CMMC certification can also benefit your company even if you’re not in the DoD supply chain. This comprehensive framework for assessing and improving cybersecurity maturity sets your business up with advanced protection from online threats. You’ll also prove to your customers and stakeholders that your company takes cybersecurity seriously.
We offer CMMC courses that cover compliance requirements, cybersecurity best practices, and risk management strategies. With this information, you can learn how to comply with CMMC standards and prepare for certification. Our courses include:
BTI succeeds in its mission when an organization is measurably better in a way that makes a real difference, is able to sustain the change for the better, knows that it is better, and is satisfied with the result.
Business Transformation Institute, Inc. (BTI) joined in partnership with Raytheon SAS to help us bring together many diverse business units and to stabilize and improve our performance. Throughout the years we have worked together and achieved CMMI Maturity Level 5 while bringing together geographically and process diverse units. This has allowed us to have a much higher fluidity in our staff and contract execution locations without suffering performance degradation. Also, BTI has led the way in choreographing novel appraisal methodologies that have significantly reduced the cost of maintaining CMMI certification and ensuring that the programs do not suffer “set-back” during the gap between certification renewals.
Alan Perkowski
Process Maturity Technical Director from Major Aerospace Company
Having BTI’s LSS black belts onboard means that I can now safely retire. Thank you!
Lean Six Sigma Master Black Belt
Lean Six Sigma Master Black Belt from National Security Agency
CNI was going to graduate from the federal government’s 8(a) program. We had to be prepared to compete. Part of this is having good processes. BTI helped us to do it.
Phil Ricks
Corporate Quality Manager from Chickasaw Nation Industries
I was fortunate to work with the BTI team on deploying the CMMI Level 2 practice at Western Union. There were a number of obstacles in garnering top-down changes and support everyone that the team was able to work through and make it successful.
Implementing CMMI practices and procedures in an unstructured environment is surely difficult, but the BTI team was able to see the big picture and also make sure that the details were correctly addressed and implemented.
