Why BSC Systems?

We help businesses and organizations improve their security posture while achieving compliance with regulatory requirements. This is accomplished at a reasonable, predictable cost and with minimum interference to our clients’ ongoing operations.

Our track record speaks for itself: Since 1999, 100 percent of our clients have achieved their Authority to Operate (ATO) under FISMA and HIPAA certification programs.

CMMC

BSC provides a CMMC Solution tailored for your organization

BSC has extensive experience over the last fifteen years helping organizations navigate the FISMA NIST 800-53 requirements and obtain their government client’s Approval to Operate.

BSC also assists multiple government contractors with the DFARS and NIST 800-171 requirements, including guiding them through the SPRS process by performing an independent assessment and SPRS score determination.

We have leveraged this experience to become a CMMC-AB Registered Practitioner Organization and developed a robust set of CMMC practices. Our Registered Practitioners are available to help you prepare for your CMMC Assessment through a cost-effective multi-phase process:

  • PRE-CMMC PHASE – We can assist you with any NIST 800-171 and SPRS requirements to meet your contract requirements.
  • CMMC DETERMINATION PHASE – Includes definition of system boundary and CMMC Level Assessment.
  • CMMC READINESS ASSESSMENT – Full CMMC GAP Analysis of all practices based on the required CMMC level.
  • CORRECTIVE ACTION PLAN – We provide an action plan to correct deficiencies detected during the Gap Analysis.
  • POLICIES, PROCEDURES and PLAN DEVELOPMENT – We have a template for policies and procedures for each of the 17 CMMC domains.
  • REMEDIATION PHASE – BSC can provide technical assistance with finding remediation solutions.
  • CMMC ASSESSMENT PACKAGE – Finally, we will prepare your organization for the formal C3PAO review. We will provide assistance preparing a repository with documentation and two examples of objective evidence for each practice.

Free Consultation

Remember, there is no charge for the initial phone consultation!

A Quick Look at CMMC Levels

The CMMC combines various cybersecurity standards and best practices and maps these practices and processes across several maturity levels, ranging from basic cyber hygiene to dealing with advanced persistent threats. Based on the latest information, the following are the CMMC levels and their respective requirements. Each level includes the requirements of the previous level.

Level 1

Basic Cyber Hygiene

“Basic Cyber Hygiene” – This is the basic initial level that requires implementing 17 practices from NIST 800-171.

Level 2

Intermediate Cyber Hygiene

“Intermediate Cyber Hygiene” – This includes another 48 practices of NIST 800-171 plus 7 new CMMC practices.

Level 3

Good Cyber Hygiene

“Good Cyber Hygiene” – This requires the remaining 45 practices of NIST 800-171 plus 13 new CMMC practices.

Level 4

Proactive

“Proactive” – This is still being determined by the DOD and CMMC but currently it includes 11 practices of NIST 800-171 plus 15 new CMMC practices.

Level 5

Advanced / Progressive

“Advanced / Progressive” – This is also still in the planning stages but includes the final 4 practices in NIST 800-171 plus 11 new CMMC practices.