Preparing for CMMC?

Trusted Partners

"Quzara has the C ompliance Expertise , T echnical know-how, and Security DNA we needed."

Director, Government Contractors

The CMMC space is still evolving. All definitive guidance is solely from Office of the Under Secretary of Defense for Acquisition and Sustainment. The CMMC Accreditation Body has not fully established the C3PAO or certification processes. Further, several CMMC controls (practices) are in draft format and have not been fully incorporated into the Defense Federal Acquisition Regulation Supplement (DFARS). Quzara, LLC is not claiming to provide CMMC certifications, promising CMMC compliance, nor do we perform audits or work with companies claiming to be CMMC auditors. Quzara, LLC is a cybersecurity Advisory firm with extensive experience working in FedRAMP compliance and navigating NIST 800-171 controls. After careful review of CMMC 1.0 released in late January we developed a free CMMC Pre-Assessment Tool that analyzes a company’s current security posture, while taking into consideration NIST SP 800-171 controls that have already been mapped to CMMC in version 1.0. These controls and practices are based on NIST controls that have been used by the United States Federal Government for almost two decades. There is no proprietary secret sauce and it’s designed to help enable contractors in the Defense Industrial Base (DIB) meet their cybersecurity requirements. Our CMMC Services do not extend beyond Advisory and Managed Security services, using only CMMC information that has already been released to date for public use.