MJS Designs Pursues CMMC Certification

At MJS Designs, we pride ourselves on not only ensuring projects meet and exceed rigorous industry standards, but also making sure we always update our security protocols to the latest industry standard to guarantee client security and privacy.

That is why we are in the process of achieving Level 3 of the Cybersecurity Maturity Model Certification, a new cybersecurity framework standard being rolled out by the Department of Defense (DOD).

“Network security has always been a priority for us as we worked towards NIST compliance early on,” stated Dawn Northrop, president of MJS Designs. “With all of the cybersecurity threats out there, the CMMC certification demonstrates to all of our customers, vendors, and employees just how serious we are about keeping their data and information secure.  This is not an easy or inexpensive endeavor, but it is definitely a rewarding investment knowing we will be receiving third party certification confirming our efforts towards cybersecurity.”

This new standard utilizes requirements from NIST 800-171, the Federal Acquisition Requirements (FAR) document 52.204-21. CMMC will eventually replace NIST 800-171. There are four phases to becoming CMMC Compliant: gap analysis, implementation, pre-assessment and assessment.

CMMC Gap Analysis

Phase one is the CMMC Gap Analysis. This is a thorough analysis to look at the current status of an organization’s cybersecurity. The analysis compares the status to the CMMC requirements based upon the CMMC level the organization plans to achieve. This is a crucial step and without it, it is impossible to know what changes must be implemented in order to meet compliance for the required CMMC level. This report provides a layout for the best course of action for a company to follow in order to meet the CMMC requirements.

CMMC Implementation

The conclusions of the gap analysis will determine how the organization will move to the next phase of the CMMC Certification. During CMMC implementation, current gaps in systems will be addressed compared to the new framework by applying appropriate controls and addressing any missing requirements. This includes developing and writing the extensive documentation required.

Pre-Assessment and Review

The CMMC Pre-Assessment is the third phase of the four-phase CMMC certification process. This can be considered a rehearsal to the actual assessment to identify any weaknesses in the organization’s cyber security plan and policies.  In this phase, a CMMC compliance expert will perform a pre-assessment to verify implementation and confirm the maturity of the CMMC implementation. The auditor will submit a report to the organization to detail the compliance status. The organization will then have an opportunity to make adjustments based upon the feedback.

CMMC Assessment

A Certified 3rd Party Assessor Organization (C3PAO) will perform the Certification Assessment. Unlike the existing NIST 800-171 requirements, self-assessments for the CMMC Certification are not permitted.

The C3PAO will report the findings to the CMMC Accreditation Body (CMMC-AB) which will then review the evidence and award the certification.

By continuing to update our knowledge through educational training and working with leading regulatory authorities, we provide electronics engineering design, CAD layout, printed circuit board assembly, cable and wire harness assembly, system and box builds, and test solutions for the communications, semiconductor, medical, government and military, industrial, aerospace and automotive industries.

The CMMC Certification is just one of many certifications and qualifications we adhere to in order to ensure exceptional customer service and satisfaction at MJS Designs. Others include CID+ Certification, IPC Certifications, and AS9100D Certification.

MJS Designs is currently in the pre-assessment phase of the process. Once auditors are certified for assessments in early 2022, we will be ready for the fourth and final phase towards CMMC certification.

Whether we are working on a military contract or with a private company, we understand how vital IT security and privacy is for every customer. Learn more about MJS Designs leadership, credentials, and certification at https://mjsdesigns.com/leadership-and-credentials.