If you are an organization with CMMC requirements, hopefully you have started your compliance journey.
As a Registered Practitioner Organization (RPO), Tego stays up-to-date on the changing guidance surrounding CMMC. Here are a few updates to consider:
- It’s beneficial to utilize an RPO. There is a specific process an organization must undergo to become an RPO. In addition to passing an organizational and background check, the RPs must complete “delta” training and testing as rules change. RPs also participate in periodic CMMC-AB Town Hall updates and are knowledgeable about the defense contracting environment.
- An RPO is for implementation, while a C3PAO is for certification. An RPO can do advisory work and assist with implementation of the controls. A C3PAO focuses on the activities to certify an organization
- It’s more than just about completing an assessment; it’s about the overall security of an organization’s environment. While an assessment is necessary for compliance, it’s not the only reason an organization should complete one. An assessment can tell you what gaps exist in your environment. An RPO will help you correct those gaps and address any vulnerabilities.
- There is no CMMC v3. This is a popular myth in the DiB space. The truth is, the released version after rule-making, will remain version 2. The Code of Ethics applies to the entire ecosystem.
Tego has RPs on staff who have over 12 combined years working with DFARS and many years of experience in the security, audit, and compliance space. Tego is here to help you with your CMMC compliance journey through consulting, assessments, and more. Contact us today to get started.