Leverages deep information security expertise to assist Department of Defense (DoD) contractors in preparing for CMMC certification
STAMFORD, CT, February 10, 2021 — EXTEND Resources, a leading business and legal performance improvement company, announced today that the Cybersecurity Maturity Model Certification Accreditation Board (CMMC AB) has recognized the company as a Registered Provider Organization (RPO). EXTEND will help organizations prepare to comply with the CMMC security standard and prepare for the CMMC assessment.
The Department of Defense introduced the CMMC compliance framework in January 2020 as a unified, mandatory cybersecurity standard for the more than 300,000 contractors and vendors that store, process, or transmit either Federal Contract Information (FCI) or Controlled Unclassified Information (CUI). Based on five levels, the framework enables the DoD to evaluate and certify the maturity and reliability of an organization’s security controls and infrastructure and its ability to protect information within the DoD Supply Chain.
The first mandatory milestone, a self-assessment of DoD contractors’ current state of compliance with NIST 800-171, was due November 30, 2020. Depending on the contract, this assessment must be updated every three years, at a minimum. As of November 30, new DoD contracts will not be available to contractors unless the self-assessment has been completed and accepted.
In addition to its registered provider organization status, EXTEND’s Chief Technology Officer & CISO, Antonella Commiato, has achieved Registered Practitioner Status from CMMC AB.
EXTEND’s outsourced information security services team brings technical and operational expertise – along with strategic guidance – to clients, helping them:
- Perform readiness assessments, including the initial NIST 800 self-assessment to determine current compliance status,
- Evaluate the organization’s goals, target the appropriate CMMC level, and budget for a compliance program,
- Establish and evaluate System Security Plans (SSP) to identify gaps,
- Create a Plan of Action & Milestones (POAM) designed to remediate gaps and fully prepare for CMMC assessment, and
- Manage ongoing CMMC compliance via cyber compliance as a service that scales as an organization grows.
“With compliance requirements across 17 domains, 171 practices, and 43 capabilities across five certification levels, CMMC certification is complex and detailed,” said Howard Hoffmann, CEO of EXTEND Resources. “EXTEND brings advanced information security expertise, specialized CMMC knowledge, and talented resources to businesses of all sizes that need to implement a fully compliant program quickly and may lack the internal staff and detailed familiarity with the framework to meet the CMMC requirements.”
About EXTEND Resources
EXTEND Resources brings in-depth business knowledge, fresh perspectives, and holistic problem solving to help organizations generate valuable results. Specializing in business and corporate legal optimization, information security, and data privacy, clients rely on EXTEND’s professional advisory and outsourced services to help them leverage data, enhance efficiency, improve operations, and protect information. EXTEND’s executive team has many decades of combined expertise in business management, information security/data privacy governance and compliance, legal technology, and global outsourcing. To learn how EXTEND can help you power performance, visit ExtendResources.com and follow the company on Twitter at @ThinkExtend.