The DoD’s best-kept NIST 800-171 secret
The Cyber AB affirms that the Department of Defense (DoD) approves the option for defense industrial base (DIB) companies to engage in CMMC Joint Surveillance Voluntary Assessments (JSVAs) instead of DIBCAC NIST 800-171 high assessments. It’s great news for DIB companies, as it allows them to work with a C3PAO of their choosing and get two recognitions for the price of one!
- How a CMMC JSVA demonstrates CMMC compliance
- How a CMMC JSVA give you a competitive advantage
- How can CMMC JSVA extend your CMMC recertification period
Check out our video from CMMC expert Kyle Lai, President of KLC Consulting, a C3PAO company discussing the benefits of choosing a CMMC JSVA, the process involved, and how to become CMMC Certified now!
JSVA is better than a NIST 800-171 High Assessment
Demonstrate compliance with DoD cybersecurity requirements: DIBs that pass a CMMC JSVA demonstrate trustworthiness in providing adequate protection for Controlled Unclassified Information (CUI) to the DoD and Prime customers according to DFARS mandates.
Gain a competitive edge when vying for new contracts: DIBCAC enters certification results in the DoD’s SPRS system, which gives a competitive advantage when vying for new contracts. DoD contract officers are required to validate DIB SPRS filings under DFARS 7024
Extend your CMMC recertification period: JSVA assessments convert to a CMMC Level 2 Certification after final rulemaking. So, your CMMC recertification period will extend well beyond three years.
What is the CMMC JSVA process?
The CMMC JSVA process is straightforward. It begins with an initial kickoff meeting to understand your business operations, in-scope CUI environment, and assets. The assessor will review your documentation and artifacts and schedule the assessment dates. During the assessment, the assessor evaluates your controls’ adequacy and sufficiency and provides an assessment report.
Completing the JSVA
If all controls meet the security requirements, you will receive a letter from DIBCAC stating your JSVA success. If the assessor determines you have a few low-risk control deficiencies that require remediation, JSVA allows you the opportunity for a follow-up assessment. Once you successfully complete the CMMC JSVA, you will achieve recognition from both the DoD and your Prime customers for your work to attain compliance.
Conclusion
If you are a DIB company that requires CMMC compliance, I encourage you to consider a CMMC JSVA certification assessment. It is a great way to demonstrate compliance with DoD security requirements, gain a competitive edge, and extend your CMMC recertification period.
JSVA Page
"*" indicates required fields
For a deeper dive on CMMC JSVAs, watch our discussion video with our C3PAO experts.
To learn more about CMMC, watch our CMMC 2.0 overview discussion video.
