DoD Approves CMMC JSVA Option for NIST 800-171 High Assessments

Kyle Lai President and CISO, KLC Consulting, Inc. NIST 800-171 R3 analysis from NDIA's Cyber Event

Kyle Lai
President and CISO, KLC Consulting, Inc.
CCP (Certified CMMC Professional), PA (Pending (Provisional Assessor), PI (Provisional Instructor)

The DoD’s best-kept NIST 800-171 secret

The Cyber AB affirms that the Department of Defense (DoD) approves the option for defense industrial base (DIB) companies to engage in CMMC Joint Surveillance Voluntary Assessments (JSVAs) instead of DIBCAC NIST 800-171 high assessments.  It’s great news for DIB companies, as it allows them to work with a C3PAO of their choosing and get two recognitions for the price of one!

  •  How a CMMC JSVA demonstrates CMMC compliance
  •  How a CMMC JSVA give you a competitive advantage
  • How can CMMC JSVA extend your CMMC recertification period

Check out our video from CMMC expert Kyle Lai, President of KLC Consulting, a C3PAO company discussing the benefits of choosing a CMMC JSVA, the process involved, and how to become CMMC Certified now!

JSVA is better than a NIST 800-171 High Assessment

Demonstrate compliance with DoD cybersecurity requirementsDIBs that pass a CMMC JSVA demonstrate trustworthiness in providing adequate protection for Controlled Unclassified Information (CUI) to the DoD and Prime customers according to DFARS mandates.

Gain a competitive edge when vying for new contractsDIBCAC enters certification results in the DoD’s SPRS system, which gives a competitive advantage when vying for new contracts.  DoD contract officers are required to validate DIB SPRS filings under DFARS 7024

Extend your CMMC recertification periodJSVA assessments convert to a CMMC Level 2 Certification after final rulemaking.  So, your CMMC recertification period will extend well beyond three years.

What is the CMMC JSVA process?

The CMMC JSVA process is straightforward.  It begins with an initial kickoff meeting to understand your business operations, in-scope CUI environment, and assets.  The assessor will review your documentation and artifacts and schedule the assessment dates.  During the assessment, the assessor evaluates your controls’ adequacy and sufficiency and provides an assessment report.

Completing the JSVA

If all controls meet the security requirements, you will receive a letter from DIBCAC stating your JSVA success.  If the assessor determines you have a few low-risk control deficiencies that require remediation, JSVA allows you the opportunity for a follow-up assessment.  Once you successfully complete the CMMC JSVA, you will achieve recognition from both the DoD and your Prime customers for your work to attain compliance.

Conclusion

If you are a DIB company that requires CMMC compliance, I encourage you to consider a CMMC JSVA certification assessment.  It is a great way to demonstrate compliance with DoD security requirements, gain a competitive edge, and extend your CMMC recertification period.

Or Call Paul Casassa: 617.314.9721  x158

CONTACT US

For a deeper dive on CMMC JSVAs, watch our discussion video with our C3PAO experts.
To learn more about CMMC, watch our CMMC 2.0 overview discussion video.

DoD Approves CMMC JSVA Option for NIST 800-171 High Assessments CMMC JSVA NIST 800-171 high assessment SPRS CMMC Level 2 CMMC recertification
DoD Approves CMMC JSVA Option for NIST 800-171 High Assessments CMMC JSVA NIST 800-171 high assessment SPRS CMMC Level 2 CMMC recertification

Check out our YouTube channel and LinkedIn pages for the latest information and educational resources for Cybersecurity Maturity Model Certification.

Scroll to Top