Drawing on Baker Tilly’s extensive cybersecurity, government contracting and technology risk experience, we can help you achieve your CMMC certification and compliance objectives.

    With the goal of protecting federal contract information (FCI) and controlled unclassified information (CUI) within the contracting community, CMMC will be a requirement for participation in some DoD RFIs and RFPs in 2020, ultimately expanding to all DoD procurement in future years. CMMC will apply to both prime and subcontractors.

    Baker Tilly’s CMMC services are designed to support organizations that are required to obtain their CMMC.

    The journey to certification and how we can help:

    • Readiness: CMMC gap assessment
      Using our extensive understanding of cybersecurity, NIST SP 800-171, and the requirements of the CMMC model, we help map your existing controls to the CMMC model, identify gaps between your controls and the CMMC model, and provide recommendations for remediating those control gaps.
    • Remediation management and support:
      If needed, our specialists can work with you to build a plan and close your existing gaps.
    • Documentation
      Using our extensive audit expertise, we help you formalize your processes and controls, and document your compliance.
    • Future/Pending: Certification and audit support:
      The details of the certification program are not yet defined by the CMMC Accreditation Body (CMMC-AB).  Revisit this page for more detail once the program specifics are released.
    • Cost allowability:
      The DoD indicated they understand contractors will incur incremental costs to establish good cyber hygiene and compliance with new requirements. Our specialists will help you navigate within the appropriate frameworks of cost allowability and allocability.

    Did you know Baker Tilly may be able to deliver CMMC readiness services without having to come on-site?

    Our cybersecurity practice uses a variety of technology tools to streamline our service delivery model and make document sharing and requests seamless. Our specialists are well versed in methods for facilitating video conferences, teleconference calls and live, online document-sharing sessions to perform CMMC readiness services as efficiently as if we were live on-site. You can expect the same quality service, all while minimizing travel expenses and space constraints that can accompany on-site work.

    Baker Tilly is your partner in building a sustainable CMMC program

    • Access to more than 100 industry-fluent cybersecurity specialists
    • Access to government contracting expertise, including fluency with federal frameworks and regulations
    • Depth of experience in managing cybersecurity compliance-based programs