Moving from NIST 800-171 to CMMC Level 3 | Apptega Blog

How One Contractor Completed Their Preparation Ahead of Schedule

Cape Henry Associates, based in Virginia, operates as both a prime contractor and subcontractor for the U.S. Department of Defense (DoD). The company is a service-disabled veteran owned business (SDVOSB) that specializes in manpower, personnel and training (MPT) services.

Based on their efforts to ensure compliance with NIST 800-171, the cyber team at Cape Henry used a cybersecurity and compliance platform to assess their initial status relative to CMMC Level-3 readiness. They discovered that they were already at 57% of full compliance as their stating point.

With their compliance gaps identified, they used the platform to monitor the status of remediation projects and hold team members accountable to their commitments.

The platform was also used to eliminate the overhead of redundancies between NIST 800-171 and CMMC Level-3.

With CMMC Level-3 readiness complete, Cape Henry is using the objective evidence within their cybersecurity and compliance platform to demonstrate they are the safe choice and improve their competitive position when bidding for contracts.

  “Because of our proactive CMMC preparation, we can easily demonstrate Cape Henry’s cybersecurity safety for the DoD and our contracting partners in the DIB. This has already become a meaningful competitive advantage for us as CMMC scrutiny has increased up and down the supply chain.”

Ed Myers, Associate Compliance Director, Cape Henry Associates



Read the full article HERE.

In the article, you can also learn how this DoD contractor:

  • Exposed unknown gaps in compliance with NIST 800-171
  • Is now easily demonstrating cybersecurity safety for DoD and contracting partners
  • Established compliance system of record
  • CEO has confidence in program efficacy and ability to meet commitments


*** This is a Security Bloggers Network syndicated blog from Apptega Blog authored by Cyber Insights Team. Read the original post at: