Customer Story - Created Approach & Guided Company Through Building Cybersecurity Capabilities
Due to increasing cybersecurity supply chain attacks, the government enacted new security requirements into law. The client needed to obtain a new supply chain certification called CMMC2.0 (Cybersecurity Maturity Model Certification) to keep their business viable. Achieving this certification required a commitment of time, resources, and a systematic, strategic approach.
Call for Help:
- The client is a distributor of parts for government contracted products. The previous twelve months had brought high-profile supply chain attacks to the industry.
- Any business that has a signed contract with the Department of Defense was required to follow the guidelines outlined in CMMC.
- The client reached out to FarWell to engage with a team to create the approach and guide the company to become CMMC compliant.
Farwell Advisor Support:
- The FarWell team created a holistic and comprehensive approach to mature their Cybersecurity and Enterprise Risk capabilities comprised of an Enterprise Risk Program, a Security Program, and a Security Operations Center (SOC) function.
- Designed and implemented an Enclave (a PreVeil SaaS) to host and utilize CUI data in a protected environment.
- Completed a Gap Assessment to understand the current state business and solution capabilities of the client.
- Created a recommendation for future state business and solution capabilities to make the client ready to attain CMMC 2.0 certification.
Results:
Achieved a perfect score on the CMMC 2.0 level 2 assessment.
- The client achieved a score of 110 out of 110 on the CMMC 2.0 Self-Assessment Level 2 executed through their internal Continuous Improvement auditors.
- The client achieved a high security rating, in the top 1% of all businesses, from a third- party cyber risk assessment tool. It provides the customer, their board, government agencies, and cyber insurers, an objective, data-driven lens to view the ongoing security posture and health of their cyber security program.
