Kratos Defense & Security Solutions, Inc. (Nasdaq: KTOS), a leading National Security Solutions provider, announced today that Juniper Networks has awarded the company a second Cybersecurity Maturity Model Certification (CMMC) Advisory Services contract. Kratos will update their existing System Security Plan (SSP) to meet the CMMC Level 3, National Institute of Standards and Technology (NIST) SP 800-171 and DFARS clause 252.204-7012 compliance requirements using Juniper solutions.
The CMMC is a unified security standard and a certification process developed by the U.S. Department of Defense (DoD) to protect the security of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within the Defense Industrial Base (DIB).
The SSP captures the security requirements of a system, describes the implementation state of security controls within the system and identifies responsibilities and expected behaviors of all individuals who interact with the system. As such, it is a critical CMMC requirement. The SSP will include a mapping of security controls to NIST SP 800-171 and CMMC security controls. Also included in the award is a Plan of Action & Milestones (POA&M) that will include existing gaps, as identified during the previously completed CMMC Gap Assessment, performed by Kratos.
Consisting of five maturity levels of security practices ranging from Basic to Advanced, CMMC will be phased into DoD RFPs by early 2021. A CMMC Third-Party Assessment Organization (C3PAO) will be required to conduct assessments on organizations seeking a CMMC level certification. Kratos was recently accredited as a C3PAO by the CMMC-Accreditation Body (AB). Mark Williams, Vice President at Kratos Cybersecurity Services explained: “As major providers of high-performing, scalable routers, switches, firewalls and proven networking solutions for the DoD and Intelligence Community, it is critical that companies achieve CMMC certification prior to an award containing CMMC requirements. During our CMMC engagements, we’ve identified common requirements that impose strategic and operational challenges on organizations seeking certification at Level 3 or higher. That experience, coupled with Kratos’ recent accreditation as a CMMC Third-Party Assessment Organization (C3PAO), knowledge gained as a member of the Defense Industrial Base (DIB) and being subject to CMMC compliance, makes Kratos well-positioned to provide CMMC advisory or assessment services.”
