CMMC Compliance Policy Statement

Overview

The Cybersecurity Maturity Model Certification (CMMC) is a framework developed by the United States Department of Defense (DoD) to ensure that contractors and other organizations that handle DoD information have appropriate cybersecurity controls in place. The CMMC framework includes a set of cybersecurity practices and processes that are organized into five maturity levels, with Level 1 representing the lowest level of maturity and Level 5 representing the highest.

CMMC Version 2.0, which was released in December 2021, is the latest version of the CMMC framework. It includes updates and enhancements to the previous version of the framework, including a new maturity level (Level 4) and additional requirements for supply chain risk management.

As an organization that handles DoD information, we are committed to compliance with the CMMC framework and to maintaining the highest level of cybersecurity controls. We understand the importance of protecting DoD information and the critical role that cybersecurity plays in supporting the mission of the DoD.

Policy

To ensure compliance with the CMMC framework, we have implemented a range of security measures and practices that align with the requirements of the CMMC maturity level that is applicable to our organization. These measures and practices include:

Access controls: We have implemented measures to ensure that only authorized individuals have access to DoD information, and that access is restricted based on need-to-know and role-based permissions. This includes the use of access control lists, permissions, and privileges to manage access to DoD information.

Identity and authentication: We have implemented measures to verify the identity of individuals who access DoD information, including the use of strong passwords, multi-factor authentication, and other authentication methods. We also have processes in place to manage the lifecycle of user accounts, including the provisioning, de-provisioning, and review of accounts.

Security awareness and training: We provide ongoing security awareness and training to all employees and contractors who handle DoD information, to ensure that they understand their roles and responsibilities in protecting this information. This training covers a range of topics, including cybersecurity threats, risk management, access controls, and incident response.

Risk management: We have implemented a risk management process to identify, assess, and mitigate risks to the confidentiality, integrity, and availability of DoD information. This process includes the use of risk assessment tools and techniques, and the implementation of appropriate controls to address identified risks. We also have processes in place to monitor and review risks on an ongoing basis, and to update our controls as necessary to address changing threats and vulnerabilities.

Supply chain risk management: We have implemented measures to ensure the security of our supply chain and to protect against the introduction of vulnerabilities or threats through our suppliers. This includes the use of supplier risk assessment tools and techniques, and the implementation of appropriate controls to address identified risks. We also have processes in place to manage the lifecycle of our supplier relationships, including the onboarding, monitoring, and review of suppliers.

In addition to these measures and practices, we have implemented a range of technical controls to protect against cyber threats and to ensure the confidentiality, integrity, and availability of DoD information. These controls include firewalls, intrusion prevention systems, antivirus software, and other security technologies. We also have processes in place to monitor and respond to security events and incidents, and to report these events to the appropriate authorities as required.

We are committed to maintaining compliance with the CMMC framework and to protecting the confidentiality, integrity, and availability of DoD information. We believe that these efforts are essential to support the mission of the DoD and to protect the security and interests of the United States. We also recognize that cybersecurity is an ongoing process, and we are committed to continuously reviewing and improving our policies to ensure compliance with the latest regulations and the implementation of cybersecurity best practices.

For any questions or comments regarding our compliance efforts, please contact us at contact@nwengineeringllc.com or through the web form on our contact page. You may also use these methods to request compliance documentation from our manufacturing partners.
