<img alt="" src="https://secure.badb5refl.com/165368.png" style="display:none;">

Moving from NIST 800-171 to CMMC Level 3

By Cyber Insights Team on January 21, 2021

Get Free Insights

Moving from NIST 800-171 to CMMC Level 3

January 21, 2021 | BY Cyber Insights Team

How One Contractor Completed Their Preparation Ahead of Schedule

Cape Henry Associates, based in Virginia, operates as both a prime contractor and subcontractor for the U.S. Department of Defense (DoD). The company is a service-disabled veteran owned business (SDVOSB) that specializes in manpower, personnel and training (MPT) services.

Based on their efforts to ensure compliance with NIST 800-171, the cyber team at Cape Henry used a cybersecurity and compliance platform to assess their initial status relative to CMMC Level-3 readiness. They discovered that they were already at 57% of full compliance as their stating point.

With their compliance gaps identified, they used the platform to monitor the status of remediation projects and hold team members accountable to their commitments.

The platform was also used to eliminate the overhead of redundancies between NIST 800-171 and CMMC Level-3.

With CMMC Level-3 readiness complete, Cape Henry is using the objective evidence within their cybersecurity and compliance platform to demonstrate they are the safe choice and improve their competitive position when bidding for contracts.

  “Because of our proactive CMMC preparation, we can easily demonstrate Cape Henry’s cybersecurity safety for the DoD and our contracting partners in the DIB. This has already become a meaningful competitive advantage for us as CMMC scrutiny has increased up and down the supply chain.”

Ed Myers, Associate Compliance Director, Cape Henry Associates


Read the full article HERE.

In the article, you can also learn how this DoD contractor:

  • Exposed unknown gaps in compliance with NIST 800-171
  • Is now easily demonstrating cybersecurity safety for DoD and contracting partners
  • Established compliance system of record
  • CEO has confidence in program efficacy and ability to meet commitments


More Resources

6 Ways to Overcome Obstacles & Gain Executive Buy-in for Cybersecurity

Gaining C-Suite's support for cybersecurity can be hard. Read this blog to learn how you can gain buy-in for your organization's cybersecurity program.

Learn More

10 Reasons Check-the-Box Compliance Puts Your Organization at Risk

Amidst compliance and regulatory pressures, a minimal approach to compliance is tempting. Read this blog to learn why the minimal approach isn't enough.

Learn More

Moving from NIST 800-171 to CMMC Level 3 | Apptega Blog

Moving from NIST 800-171 to CMMC Level 3? Learn how one contractor completed their preparation ahead of schedule.

Learn More

Subscribe to Our Cybersecurity Insights