Cask, an Authorized CMMC C3PAO

Talk to us about a Pre-Assessment or Formal Assessment

What is CMMC?

The Cybersecurity Maturity Model Certification (CMMC) will be required for the DoD’s Defense Industrial Base (DIB) contracts, products, services, and supply chain to protect Controlled Unclassified Information (CUI). Certification will be required to work with the DoD.

How do I get Certified?

The CMMC Accreditation Body (AB), a non-profit, independent organization, will accredit CMMC Third Party Assessment Organizations (C3PAO) and individual assessors. The CMMC AB will provide the requisite information and updates on its website.
www.cmmcab.org

The CMMC AB has established the CMMC Marketplace. It includes a list of approved C3PAO as well as other information. Once the Candidate C3PAOs are assessed and certified, formal assessments will begin. Find us on the CMMC AB Marketplace.
https://portal.cmmcab.org/marketplace/cask-government-services-c3pao/

What is CUI?

CUI is information the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that a law, regulation, or Government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls.

Critical Infrastructure
Defense
Export Control
Financial
Immigration
Intelligence
International Agreements
Law Enforcement
Legal
Natural and Cultural Resources
NATO
Nuclear
Privacy
Procurement and Acquisition
Proprietary Business Information
Provisional
Statistical
Tax

A CUI Registry provides information on the specific categories and subcategories of information that the Executive branch protects. The CUI Registry can be found at: https://www.archives.gov/cui and includes these index groupings.

What if my company does not possess CUI?

If a DIB company does not possess CUI but possesses Federal Contract Information (FCI), it is required to meet FAR Clause 52.204-21 and must be certified at a minimum of CMMC Level 1.

Companies that solely produce Commercial-Off-The-Shelf (COTS) products do not require a CMMC certification.

Should I Start Now?

Yes. Cask Government Services can get you started by performing a pre-assessment of your environment. If you would like a free checklist with sample answers for Maturity Levels (ML) 1 Click below:

Cask, an Authorized CMMC C3PAO

What is CMMC?

The Cybersecurity Maturity Model Certification (CMMC) will be required for the DoD’s Defense Industrial Base (DIB) contracts, products, services, and supply chain to protect Controlled Unclassified Information (CUI). Certification will be required to work with the DoD.

How do I get Certified?

The CMMC Accreditation Body (AB), a non-profit, independent organization, will accredit CMMC Third Party Assessment Organizations (C3PAO) and individual assessors. The CMMC AB will provide the requisite information and updates on its website.
www.cmmcab.org

What is CUI?

CUI is information the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that a law, regulation, or Government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls.

What if my company does not possess CUI?

Companies that solely produce Commercial-Off-The-Shelf (COTS) products do not require a CMMC certification.

Should I Start Now?

Yes. Cask Government Services can get you started by performing a pre-assessment of your environment. If you would like a free checklist with sample answers for Maturity Levels (ML) 1 Click below:

ML 1 Checklist (17 Practices/Controls)

ML 2 Checklist (72 Practices/Controls)

ML 3 Checklist (130 Practices/Controls)

ML 4 Checklist (156 Practices/Controls)

ML 5 Checklist (171 Practices/Controls)

ML1 and ML3 Assessment Guides published

Please contact Cask directly for more information on pre-assessments and other checklists.

Once you are ready for your pre-audit give us a call at 540-498-0897 or email us at CMMC@caskgov.com.

Cask, an Authorized CMMC C3PAO

What is CMMC?

The Cybersecurity Maturity Model Certification (CMMC) will be required for the DoD’s Defense Industrial Base (DIB) contracts, products, services, and supply chain to protect Controlled Unclassified Information (CUI). Certification will be required to work with the DoD.

How do I get Certified?

The CMMC Accreditation Body (AB), a non-profit, independent organization, will accredit CMMC Third Party Assessment Organizations (C3PAO) and individual assessors. The CMMC AB will provide the requisite information and updates on its website. www.cmmcab.org

What is CUI?

CUI is information the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that a law, regulation, or Government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls.

What if my company does not possess CUI?

Companies that solely produce Commercial-Off-The-Shelf (COTS) products do not require a CMMC certification.

ML 1 Checklist (17 Practices/Controls)

ML 2 Checklist (72 Practices/Controls)

ML 3 Checklist (130 Practices/Controls)

ML 4 Checklist (156 Practices/Controls)

ML 5 Checklist (171 Practices/Controls)

ML1 and ML3 Assessment Guides published

Please contact Cask directly for more information on pre-assessments and other checklists.

Once you are ready for your pre-audit give us a call at 540-498-0897 or email us at CMMC@caskgov.com.

The CMMC Accreditation Body (AB), a non-profit, independent organization, will accredit CMMC Third Party Assessment Organizations (C3PAO) and individual assessors. The CMMC AB will provide the requisite information and updates on its website.
www.cmmcab.org