CMMC 2.0 Implementation, Management, and Maintenance Services

Meet all your CMMC 2.0 requirements with Wizard Cyber’s comprehensive service offering

If your business has a presence in the US, it’s likely that you were affected by the announcement of the Cyber Security Maturity Model Certification (CMMC) 2.0 in late 2021 by the US Department of Defense (DoD). This total restructuring of the CMMC model, based almost entirely around NIST SP 800-171 and SP 800-172, stands to affect around 300,000 businesses and dramatically changes the cyber security requirements you have to meet

At Wizard Cyber, our cyber security experts have dissected the new requirements and built a comprehensive set of services to help you achieve CMMC 2.0 certification. Whether you are required to attain level 1, 2, or 3 of the framework, Wizard Cyber can ensure you are prepared for any CMMC audit by implementing, managing, and maintaining a complete suite of cyber security services

How can Wizard Cyber help your business meet your CMMC 2.0 requirements?

We have carefully crafted a comprehensive set of cyber security services, designed to guarantee CMMC 2.0 compliance. Below, you can see a detailed breakdown of how each service corresponds to the relative NIST SP 800-171 controls

Our CMMC 2.0 services have been designed to be flexible and can be tailored to your organisation’s specific needs. If you only need to meet one control to achieve compliance, we can ensure that our service achieves that goal and that you only pay for what you need. Likewise, if you require our entire suite of services, we can provide implementation, management, and maintenance in a cost-effective way that guarantees compliance now and in the future with as little business disruption as possible

Our CMMC consultants can also provide guidance and support in working with auditors to ensure compliance, increasing your chances of gaining and maintaining certification


Managed Microsoft Azure Sentinel

Supported by our managed 24x7x365 global SOC, proprietary incident management and response platform (CYBERSHIELD IDR), and Microsoft Azure Sentinel’s industry-leading functionality, our Managed Microsoft Azure Sentinel service meets NIST SP 800-171 controls: 3.14.3, 3.14.6, 3.14.7, 3.11.1, 3.11.2, 3.11.3, 3.6.1, 3.6.2, 3.6.3, 3.3.1, 3.3.2, 3.3.3, 3.3.4

Managed Microsoft Defender for Endpoint (CYBERSHIELD EDR)

By combining the powerful functionality of Microsoft Defender for Endpoint with our 24x7x365 global SOC and optional threat intelligence capabilities, we are able to provide rapid threat detection, identification and response. CYBERSHIELD EDR meets NIST SP 800-171 controls: 3.14.5, 3.8.6, 3.8.7
Managed Firewall Service

Managed Firewall Service

Configuration, maintenance, and ongoing 24x7x365 monitoring of your firewall ensures that any threats are identified and responded to quickly and efficiently. If your organisation lacks a suitable firewall, we can provide expert procurement services to ensure it meets CMMC 2.0 requirements. Our managed firewall service meets NIST SP 800-171 controls: 3.13.1, 3.13.5, 3.13.6


How will CMMC 2.0 affect your business?

CMMC 2.0 is a complete overhaul of how the model has worked in the past. With this update has come an array of new requirements as the US DoD seeks to improve and strengthen the defense industrial complex’s ability to defend itself from cyber-attacks

Due to this, even if your business complied fully with CMMC before 2.0 was announced, you will likely now be required to implement new systems or update your existing ones. These systems and updates will often be very complex and require considerable amounts of time and resources to implement to a sufficient level to achieve certification

The differences between the original iteration of CMMC and CMMC 2.0 are numerous. Many businesses will be required to implement 24x7x365 monitoring, endpoint protection, incident detection and response capabilities and much more. You should be prepared to increase your cyber security budget, review your policies, and seek guidance from industry experts. You will also be required to meet regular CMMC audits to ensure your continued compliance

How is the CMMC 2.0 model structured?

Level 1 – Foundational

Built for businesses that utilise and store Federal Contract Information (FCI), level 1 requires businesses to meet 17 practices. These practices are made up of a limited subset of NIST SP 800-171 controls, designed to assure basic cyber security integrity.

The aim of level 1 is to encourage military contractors that utilise FCI to develop and strengthen their cyber security before they become eligible to move onto levels 2 and 3 where they will deal with more sensitive and confidential information and contracts.

This level is achievable via a self-assessment, conducted on an annual basis. This self-assessment is then sent to the DoD to be confirmed.

Level 2 – Advanced

The second level of CMMC 2.0 requires a significant amount of investment from businesses. Rather than 17 practices, you will be required to meet 110 practices, based on the NIST SP 800-171 framework.

Designed for contractors that utilise and store Controlled Unclassified Information (CUI), level 2 is responsible for securing information that is important or critical to national security.

Assessments for this level are defined based on the information that the business handles. Prioritised information requires an assessment every 3 years, led by an approved third-party auditor. Non-prioritised information requires an annual self-assessment, similar to level 1.

Level 3 – Expert

The final level of CMMC 2.0 is still under development and hasn’t been officially completed. Based on the as-yet unannounced controls of NIST SP 800-172, level 3 will require meeting over 110 practices.

These practices will require organisations to have a state-of-the-art cyber security system that provides the highest level of protection possible.

Designed for organisations that utilise CUI of the highest priority possible, level 3 is integral in ensuring the safety of information that is critical to national security.

Assessments at this level will be conducted every 3 years by a government-led auditing team. Organisations at this level should expect an extremely thorough and rigorous assessment designed to test the limits of their cyber security systems.

Your business, our mission

Wizard Cyber offer enterprise-grade, cost-effective cyber security solutions. As a Gold Certified Microsoft Partner and Azure Certified Expert MSP, we utilise our experience in Microsoft Azure Sentinel to provide the highest level of protection possible to customers of any industry and size

Our team of talented and experienced cyber security professionals are dedicated to providing the best service possible for our customers, regardless of their requirements and situation

Get in touch with us today to discuss your cyber security concerns or to find out how you can achieve complete protection against cyber-attacks and data breaches

Director Global Enterprise Sales

Customer Success Stories & Case Studies

Let's talk about your requirements

Please fill out the form below or call us directly on +44 (0) 333 311 0121