CMMC Support Services

Home / CMMC Support Services

CMMC certification (Cybersecurity Maturity Model Certification)

Cybersecurity is a top priority for the U.S. government, especially the Department of Defense (DoD). The DoD has developed the Cybersecurity Maturity Model Certification (CMMC) in response to more frequent and complex cyberattacks.

This certification is designed to enhance the security of sensitive information and protect confidential data in government contracts. It is derived from NIST 800-171 and incorporates its 14 domains. CMMC comprises 17 domains.

All contractors, subcontractors and suppliers who hold Federal Contract Information or Controlled Unclassified Information, whether they have a direct or indirect relationship with the DoD, are required to be CMMC-certified. Even if your current partners and customers aren't asking for CMMC certification yet, it's likely to become an unavoidable requirement in the future.

StreamScan is one of the few companies in Canada authorised as an RPO (Registered Provider Organisation) to support organisations in their conformity process.

Find out more about our CMMC support service

Would you like to find out if CMMC applies to your company?
Consult one of our CMMC experts.

Talk to an Expert

StreamScan is an RPO

An RPO (Registered Provider Organisation) is an organisation authorised to provide services and support for Cybersecurity Maturity Model Certification (CMMC).

Following a rigorous process, RPOs are authorised by the CyberAb certification body to help companies comply with the security requirements and controls specified for CMMC certification.

Why work with an RPO (Registered Provider Organisation)

RPOs have demonstrated their expertise and ability to guide organisations through the compliance process, providing advice, assessments and support services to achieve the required levels of cybersecurity maturity. They are a valuable partner for companies seeking CMMC certification.

As an RPO, StreamScan accompanies organisations from A to Z to help them pass the various checkpoints. With our support, our customers are in safe hands to comply with CMMC certification requirements.

Find out more about our CMMC support service

Our experts are with you every step of the way, from gap analysis to managing the CMMC auditor and implementing corrective measures.

StreamScan can help you produce all the documentation required for CMMC certification.

Our monitoring service and technology enable you to meet many of the requirements of the CMMC certification standard, speeding up the process.

Get a Quote

NIST 800-171 vs CMMC 2.0

NIST 800-171 and CMMC 2.0 are two essential cybersecurity frameworks for companies working with the US government, but they differ in their approaches and requirements. NIST 800-171 provides guidelines for the protection of unclassified information, while CMMC 2.0 goes a step further by introducing a certification model that assesses companies' cybersecurity maturity.

NIST 800-171

  • NIST 800-171 is a US government cybersecurity standard.
  • It includes 110 security controls divided into 14 domains, thus establishing requirements for protecting sensitive unclassified information (CUI - Controlled Unclassified Information).
  • If you do not use CUI in your business dealings with the U.S. government, you are not required to comply with NIST 800-171.
  • There is no certification. You simply have to rigorously comply with the 110 controls and perform a self-assessment to confirm your compliance.

CMMC

  • CMMC (Cybersecurity Maturity Model Certification) is a new certification developed by the US Department of Defense.
  • It applies to all companies in the Defense supply chain.
  • It is derived from NIST 800-171 and incorporates its 14 domains. CMMC is composed of 17 domains.
  • It aims to enhance the security of sensitive information and protect confidential data in government contracts.
  • CMMC requires third-party certification reinforcing supplier security and compliance.

The SPRS (Supplier Performance Risk System) score from NIST 800-171

When you win a U.S. government contract involving the use or handling of CUI (Controlled Unclassified Information), you may be required to provide your SPRS score. Some of your partners may also require you to provide your SPRS score. This score is the result of a gap analysis between your level of security and the requirements of NIST 800-171. In addition, to submit your SPRS score, you must have a System Security Plan (SSP).

Why StreamScan?

StreamScan has extensive experience in helping organisations achieve a wide range of compliance levels, including NIST 800-171 and CMMC.

StreamScan is one of the few Canadian companies currently authorised as an RPO (Registered Provider Organisation) to support organisations in their CMMC compliance process.

Our experts are with you every step of the way, from gap analysis to management of the CMMC auditor (C3PAO or Certified 3rd Party Assessement Organisation) and implementation of corrective measures.

Our partnership with a U.S.-based company authorised to perform CMMC certification audits speeds up the certification process for Canadian companies.

Our monitoring service and technology can meet many of the requirements of the CMMC standard, speeding up the process.

StreamScan already works with Canada's National Defense and other sensitive public safety and aerospace organisations.

Border Streamscan

What our customers say

StreamScan Textimonials

  • “StreamScan helped us get ready with our CMMC certification. Their team members are professionals and always here to help. The knowledge that StreamScan brings covers all aspects of cybersecurity a company needs. Their valuable recommendations allowed us to have a more robust and holistic security posture, as well as determine the milestones one can face in protecting the environment from cyber risks. The services offered and the StreamScan resources are truly an extension of your team and utilize their knowledge to assist you with your cyber-hygiene to be ready to face the challenges of tomorrow.”

    Jonathan Bieber, IT Director

    Maya HTT

  • “Having worked closely with the StreamScan team over the past year to put in place the requirements for CMMC certification, I can attest to the professionalism, expertise and service excellence that StreamScan provides to its customers. The StreamScan team stands out for its comprehensive service offering, from technical advice with its MDR to expertise in the event of a cyber-attack, and tools such as CDS and EDR. StreamScan is committed to protecting its customers from ever-changing cyber threats.

    I highly recommend StreamScan to any organization looking for reliable and innovative cybersecurity solutions. Their technical expertise, commitment to excellence and exceptional customer service make them a trusted partner for protecting the most valuable digital assets.”

    Ghislain Gamache, IT Manager

    ATLAS AERONAUTIK

1 / 2

StreamScan

State-of-the-art cybersecurity solutions for all businesses

Talk to an Expert