The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity across the defense industrial base. While the CMMC Standard was created for the Defense Supply Chain, there are many other government agencies and allies of the United States interested in using the CMMC Standard.
Edwards will play a role in nearly every aspect of the Cybersecurity Maturity Model Certification (CMMC) ecosystem — training and education, audits, and certification. Currently, Edwards supports Organizations Seeking Certification (OSC) as a Registered Provider Organization (RPO) and Certified Third Party Assessment Organization (C3PAO), providing CMMC-AB approved assessments, consulting, and audit preparation through our proprietary Quick Look Assessments. We are also Licensed Training Provider (LTP) and Licensed Partner Publisher (LPP), developing training and providing CMMC-AB certified classes to organizations and individuals planning to take CMMC-AB certification exams or utilize other LPP curriculum. Check out our CMMC FAQ page!
CMMC is already starting to appear in upcoming statements of work and while CMMC will only apply to new contracts, it is critical to prepare for compliance now. High audit demand means you must be prepared to pass the first time or risk being waitlisted – potentially foregoing large DoD contract opportunities. CMMC compliance will be a go-no-go decision gate at the time of the contract award.
Our team of cybersecurity experts brings more than a half century’s worth of deep understanding and experience in assessing and interpreting standards, guidelines, and best practices to improve cybersecurity programs.
On March 18, 2020, the Department of Defense (DoD) released Version 1.02 of the Cybersecurity Maturity Model Certification (CMMC), as a replacement for Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012. As an interim rule effective November 30, 2020; DoD contractors must have a current (not older than three years) National Institute of Standards and Technology SP 800-171 DoD Assessment on record. This interim rule helps to close the gap between DFARS and CMMC requirements.
CMMC will require a Certified 3rd Party Assessment Organization (C3PAO) to independently audit your organization and certify your compliance at a Maturity level commensurate with the data you handle. Processes to establish C3PAOs and specific audit criteria are still being developed; however, once defined, the demand for audits will be high.
All DoD contractors and subcontractors are required to attain at least Maturity Level 1 compliance if they handle Federal Contract Information (FCI). Those processing Controlled Unclassified Information (CUI) must achieve Maturity Level 3.
Basic Cyber Hygiene
Level 1 entails 17 basic cyber hygiene practices. Requirements include basic cybersecurity practices such as changing passwords regularly and using antivirus software to protect Federal Contract Information (FCI).
Intermediate Cyber Hygiene
Level 2 ups the requirements to include two processes that address documentation of policies and procedures for all CMMC domains, as well as adding 55 intermediate cyber hygiene practices. The majority of these requirements are derived from the National Institute of Standards and Technology's SP 800-171 Revision 2.
Good Cyber Hygiene
Level 3 requires that Cybersecurity policies and procedures are not only documented, but that they are also managed and supported by appropriate projects and resource plans. There are 110 practices sourced from NIST SP 800-171 Revision 2 standards, and an additional 20 CMMC specific practices that promote good cyber hygiene.
Proactive
Level 4 requires contractors to continue to progress in their process maturity and review and measure their security practices for effectiveness. Maturity Level 4 Security practices focus on proactive measures to repel Advanced Persistent Threats (APTs).
Advanced/Progressive
Level 5 ensures contractors standardize and optimize their cybersecurity processes and practices across the organization as needed. There are an additional 15 practices that further address the identification and removal of APTs.
✅ CMMC draws from NIST standards, the DoD, and the international security community
✅ One size does not fit all – different levels of security are necessary, depending on the contract and sensitivity of the data involved
✅ CMMC requires a third-party assessment from a C3PAO in lieu of a self-certification
✅ CMMC includes the entire DoD industrial base – approximately 300,000 contractors and subcontractors
✅ CMMC-AB LPPs and LTPs are authorized to develop and train OSCs in various CMMC certification and informational courses
Working towards certification within the CMMC ecosystem can be a daunting task for any organization. This is where the need for various training and education can make a world of difference in understanding the CMMC Model, best practices, and the ability to apply concepts around protecting information. It is critical to have a solid comprehension of the legal and regulatory guidance as it pertains to the Department of Defense’s (DoD) Cybersecurity posture.
As a CMMC-AB Licensed Partner Publisher (LPP) and Licensed Training Provider (LTP), Edwards produces quality training materials for other LTPs or Organizations Seeking Certification (OSC).
Focused on learning solutions that enhance organizational performance, our courses are created using Edwards’ instructional systems design approach based on industry standards – and have been for 20+ years. This expertise coupled with our cybersecurity team’s experience in assessing and interpreting standards makes for dynamic training solutions. We are CMMC advocates and training professionals supporting the Defense Industrial Base (DIB) cybersecurity health.
Our online courses and accompanying course materials are updated continuously to provide the most accurate, recent CMMC information. We aim to provide flexible learning at the click of a button – delivering an accessible way to become CMMC compliant. We also offer customized training and discounts for multiple seat purchases; inquire to learn more!
Our Training & Development (T&D) team partnered with our Cybersecurity SMEs to bring you CMMC courses – equipping teams with the knowledge to achieve business objectives. Our CMMC courses include certification based CMMC-AB curriculum (pending CMMC-AB approval) and CMMC topics developed by Edwards’ training experts.
Our 4 hour Executive Overview course is designed for the busy executive who requires high-level knowledge of what CMMC means to your organization. CMMC-AB certification courses range from 4-5 days depending on the subject, with an optional 4 week Study Group, sure to help you pass the exam.
These courses are currently provided as virtual instructor led training (VILT), facilitated by cybersecurity industry leaders. Enroll in a session today!
![Click Here to Sign Up Today CMMC-AB [Replacement Graphic]](https://edwps.com/wp-content/uploads/2021/01/Click-Here-to-Sign-Up-Today-CMMC-AB-Replacement-Graphic-400x300.png "Click Here to Sign Up Today CMMC-AB [Replacement Graphic]")
To continue work with the government, organizations must be certified at an appropriate CMMC maturity level, but most aren’t sure where to start. The CMMC-AB created the RPO certification to provide OSCs confidence in their consultant selection for both quality and knowledge of CMMC concepts to get the job done. C3PAOs are the only organizations authorized to conduct official CMMC assessments against the five Maturity Levels of security practices, from Basic to Advanced, designated by the CMMC-AB.
As an RPO and C3PAO, Edwards is equipped to provide advisory CMMC Level 1 or Level 3 consulting services and support, as well as pre-certification assessments to establish a CMMC plan of action. OSCs should work with an RPO or C3PAO to prepare for either certification; however, you cannot engage with the same C3PAO for both pre-assessment consulting services and the actual CMMC assessment. All verified RPOs and C3PAOs are listed on the CMMC-AB Marketplace. Our goal is to advise DoD suppliers on how to best prepare for a successful CMMC assessment and enforce the maturity levels designed by the CMMC-AB.
Our team of cybersecurity experts brings more than a half century’s worth of understanding and experience in assessing and interpreting standards, guidelines, and best practices to improve cybersecurity programs. Edwards is here to assist you on your CMMC journey!
To continue work with the government, companies must be certified at an appropriate level of maturity against the CMMC, but many companies need help determining where to start.
Our quick look approach is designed to be affordable and provide you with exactly what you need to do in preparation for a CMMC audit, through four steps. At this time, Edwards offers a Level 1 and Level 3 Quick Look Assessment, with varying levels of consulting support. Edwards continues to increase our offerings as the DoD provides more CMMC compliance information. Contact us at Info@EdwPS.com for more information.
Check out our other solutions – Enterprise Management, IT Services, Training & Development, and Cybersecurity.
Learn to meet cybersecurity business goals and organizational priorities, while connecting with the best in the business.
Ready to take on your unique challenge, we will hit the ground running and achieve results—not only through what we deliver, but in how we deliver it.
Edwards is a Licensed Training Provider, certified through the CMMC-AB.
Licensed Training Providers (LTPs) are the universities, community colleges, and other learning institutions that train Certified Professionals and Certified Assessors.
Licensed Instructors must also be Certified Assessors, and are trained and certified to teach assessor applicants in the details and rigors of CMMC assessment practices and processes. Instructors can only teach classes that correspond with their level as a Certified Assessor.
Edwards is a Licensed Partner Publisher, certified through the CMMC-AB.
Licensed Partner Publishers (LPPs) provide the materials for Licensed Training Partners (LTPs), used by their Certified Instructors for training Registered Providers, Certified Professionals, and Certified Assessor applicants.
Our instructors are cyber industry professionals with years of cybersecurity experience, and are qualified in CMMC expertise.
JOY BELAND is the CMMC Program Manager for Edwards Performance Solutions, delivering live training for all areas of CMMC, as well as an active participant of the Commercial Cybersecurity Assessment Team. Before joining Edwards, Joy served the MSP community as a cybersecurity education instructor, educating 3,000+ on cybersecurity fundamentals from 2019-2020. In addition to her facilitation experience, Joy owned a successful MSP in Los Angeles for 21 years.
BRIAN HUBBARD brings 35+ years of cybersecurity program management experience to his role as Director of Commercial and Cybersecurity business at Edwards Performance Solutions. Brian leads Edwards’ CMMC initiatives, supporting organizations in their preparation for CMMC assessments, as a CMMC-AB Registered Professional (RP). Prior to joining Edwards, Brian led the contractor team supporting NIST in the development of the "Framework for Improving Critical Infrastructure Cybersecurity" (i.e., the NIST Cybersecurity Framework) in response to Executive Order 13636.
Certified Professionals and Certified Assessors are trained and tested to provide certified assessment and consultative services to Organizations Seeking Certification (OSCs). Authorized to participate as an assessment team member under the supervision of a Certified Assessor.
Edwards is a Registered Provider Organization, certified through the CMMC-AB.
Registered Provider Organizations (RPOs) use Registered Practitioners (RPs) to deliver pre-assessment services to OSCs. Pre-assessment services include activities like readiness assessments, as well as helping to remediate any of the findings of pre-assessments by creating documentation and supporting the completion of Plans of Action and Milestones.
Edwards is a Cybersecurity Maturity Model Certification (CMMC) Certified Third-Party Assessor Organization (C3PAO), certified through the CMMC-AB.
C3PAOs, Certified Third-Party Assessment Organizations, are the organizations employing Certified Assessors and Certified Professionals, ensuring that they adhere to the CMMC-AB Code of Professional Conduct. C3PAOs provide quality assurance of the assessment process and results, and presents them for final certification to the CMMC-AB.
Edwards Cybersecurity Team was trained and approved as CMMC Registered Practitioners (RPs), certified through the CMMC-AB.
Registered Practitioners (RPs) work for Registered Provider Organizations (RPOs) and are authorized to conduct pre-assessment readiness reviews and to help prepare the OSC for certification. Registered Practitioners cannot be part of formal assessment teams.