ShieldCompliance Product Suite for CMMC 2.0
Intent
CTI’s SHIELDCompliance assists customers with achieving cybersecurity regulatory or standards
requirements to meet the Cybersecurity Maturity Model Certification (CMMC). Our SHIELDCompliance assessments help
organizations analyze their IT security environment for control strength and effectiveness and compare their overall
posture to requirements outlined in the relevant cybersecurity regulation(s) or standard(s). The three tiers of assessments
that comprise the SHIELDCompliance suite provide varying degrees of review and documentation suitable to diverse
needs and budgets. Recommendations for new controls and configuration guidance for existing controls are provided to
help address compliance gaps.
Components
The following graphic illustrates the various assessments available as part of CTI’s SHIELDCompliance. These services
range from concise one- to three-day engagements to detailed multi-week assessments.
[Graphic: SHIELDCompliance assessment tiers. Labels: SHIELDCompliance; SHIELDCompliance CMMC – Core; SHIELDCompliance CMMC – Pro]
Benefits
1) Improve Knowledge and Understanding of Security Risks
This program will establish or improve employee awareness of security risks, which will lead to expedited identification of
security gaps, better informed security-related decision-making, and the input required for development of remediation
roadmap(s).
2) Reduce the Organization’s Financial, Legal, and Reputational Liability
The regular presence of a dedicated IT security professional improves the organization’s overall security posture and will
position the organization to proactively address vulnerabilities before they are exploited by an attacker, reducing the
likelihood of an attack, and any resulting financial, legal, or reputational damages.
3) Security Guidance
CTI consultants will provide guidance for cybersecurity program management, security control acquisition, and assist with
configuration of any current controls that do not satisfy industry best practice recommendations. Remediation steps will be
provided to bring device configuration(s) into compliance.
4) Certification Preparedness
Prepare for CMMC certification by identifying gaps in your organization’s security posture versus the CMMC
requirements and recommending remediation to address those gaps.
- Increased effectiveness in planning and budgeting for annual security efforts.
- Increased internal awareness of security risks results in expedited identification of security gaps, better-informed
security-related decision-making, and the input required for development of a remediation roadmap.
- Communicating the results of a SHIELDCompliance CMMC assessment and the resulting security remediation
roadmap to executive stakeholders garners sponsorship and support from upper management, demonstrating
organizational due diligence in handling employee and/or customer sensitive data.
CMMC Maturity Level
The CMMC Framework requires a systematic approach to certification mapped to three organizational maturity levels: Expert, Advanced, and Foundational.
CMMC Model Overview
The CMMC Model incorporates the security requirements from: 1) FAR 52.204-21, Basic Safeguarding of Covered Contractor Information Systems, 2) NIST SP 800-171 Rev 2, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, and 3) a subset of the requirements from NIST SP 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171. These source documents may be revised in the future; however, the CMMC security requirements will remain unchanged until the CMMC final rule is published. In addition, any further modifications to the CMMC rule will follow appropriate rulemaking procedures.
The CMMC Model consists of domains that map to the Security Requirement Families defined in NIST SP 800-171 Rev 2.
