Menu

CMMC

The United States Department of Defense has implemented the Cybersecurity Maturity Model Certification (CMMC) framework to normalize and standardize cybersecurity preparedness across the federal government’s defense industrial base(DIB). CMMC evaluates if contractors and subcontractors possess the cybersecurity infrastructure to secure Controlled Unclassified Information (CUI) and Federal Contract Information (FCI). The CMMC framework is built on NIST 800-171 and other laws and is a remedy to the theft of billions of dollars in DoD contractors' intellectual property.

CMMC examines and describes DoD's basic cybersecurity levels. This layered approach enables contractors to comply at the right level.

CMMC mandates a third-party auditor to validate compliance. The process involves verifying documentation of processes and procedures, management and evaluation of cyber incidents, and CUI's digital and physical security.

To win or even BID on a DoD contract, any prime or subcontractor must pass a CMMC audit.

Speak to an Expert

cmmc

Why Choose Accorian?

Accorian was founded so organizations can stop compromising between technology necessities and technology budgets. Formed by technology and cybersecurity leaders, Accorian strives to be your full-service technology partner. Our hands-on approach combined with a goal-oriented, proven methodology brings both fiscal value and expertise to each of our clients.

Version 2.0 of the CMMC

The Department of Defense (DoD) issued Version 2.0 of the Cybersecurity Maturity Model Certification (CMMC) on November 4, 2021, replacing DFARS clause 252.204-7012. DoD contractors need a current NIST 800-171 DoD evaluation by November 30, 2020. This regulation bridges DFARS and CMMC requirements.

The DoD granted $382.6 billion to 300,000 contractors in 2019. Small and medium-sized contractors get 50% of the money. With the worldwide surge in cybercrimes and GDP drain, it's vital that the broad network of contractors adopt a security architecture to secure data and limit DIB risk.

By 2026, all DoD suppliers must be CMMC certified.

Our Services

Accorian assists DoD contractors throughout the United States in navigating the challenges of the Cybersecurity Maturity Model Certification (CMMC). Accorian has a tried-and-true approach for completing complicated, long-term projects, comparable to our multi-framework engagements.
Here’s how we ensure you are fully compliant and can continue building on your security infrastructure as you expand and the environment shifts:

Managing all assets

Conducting a thorough evaluation of the current gaps

Putting policies and procedures in place

Developing and implementing a remediation roadmap

We've fine-tuned solutions via our various experiences that allow our customers to prepare for and achieve compliance sooner and at a lesser cost than other options that have just been on the market.

What We Offer

CMMC 2.0 Compliance Assessment

Remediation Support

Consultation and Advisory Services

Resources

Article

Adobe's Common Controls Framework of Industry-acclaimed security standards

Today’s world is an ever-changing scenario with changes to the technology sector happening more frequently than ever due to emerging technologies. The case is quite similar in the field of Cyber Security. There are a few industry-acclaimed cybersecurity standards for governing the processes and execution of these standards. These standards are usually built upon a framework of control objectives that need to be implemented by the organizations to comply with these standards. Compliance is measured in terms of control objectives meeting the compliance criteria and also other regulatory and statutory criteria. Since most of these Cybersecurity standards speak of similar control objectives or lay emphasis on similar control areas, it is advisable to have the ‘Adobe’s Common Control Framework’, which means that if we are able to comply with a single requirement from a particular framework, in theory, we should be able to use the adherence of that requirement for ALL the similar frameworks. There are several approaches to achieving this Adobe's Common Controls Framework both in theory and in practice and will be discussed in detail later on in this article. The most relevant security and privacy frameworks are ISO 27001, NIST, PCIDSS, GDPR, SOC Type 2. There is a significant overlap of controls contained in these standards as all of these standards primarily deal with one requirement which is the protection of data. Protection of information from unauthorized disclosure, compromise, and theft forms the backbone or the building blocks of an Adobe's Common Control Framework. This leverages the fact that similar controls or that the essence of the controls is the same across standards and can be used to gauge the adherence or compliance of an organization to the standard. In actual execution, while gauging the compliance of an organization, the Adobe's Common Controls Framework is not only holistic but can reduce the effort and cost otherwise required by the organization to comply with individual standards. There are two methods of developing the Adobe's Common Control Framework for an organization and there are very subtle differences between the two methods. They are Controls harmonization and Controls Mapping. Controls Harmonization: Harmonization is the creation of a brand-new control language set from several source languages of standards taking into consideration content & context. In theory, the intent and meaning of the words and sentences remain intact, but the language and actual words of the individual standards have been changed with a new harmonized meaning defined. To achieve the usage of a single language as an industry, globally, it would have significant benefits and it would be the most efficient way to operate not only as security professionals but also as humans. Adobe’s Common Control Framework is an example of this type of construct. The benefits of having a single operating language can truly be amazing in terms of effort reduction and cost reduction. Control Mapping: Today, most brilliant and forward-thinking security professionals are using the control mapping method. The main idea behind this method is to keep the original language intact as much as possible while mapping and matching the intent and meaning of each sentence and word. This is the most practical and realistic approach because this is how humans fundamentally interact with each other globally. One can see this working in real life where two different languages are being spoken by individuals and kept mainly intact, but an interpreter or linguist is translating between the two — the map is developed in the mind of the linguist. Some real-life examples of mapping for cybersecurity frameworks can be seen in HITRUST Framework, Cloud Security Alliance Framework, and even the U.S. Government formally...

View More

Article

Risk Management Framework – Managing & Measuring what matters

A risk management program allows you to manage overall information security risk.  It is an approach to identify, quantify, mitigate, and monitor risks.  The reason to look at risk in a comprehensive manner is to make sure no one area is getting too much attention or, too little. Frameworks also help you identify the bigger elements of risk that need review and mitigation. Additionally, it help you to prioritize the treatment of certain risks. The adherence to risk frameworks also helps give your customers comfort that a standard risk management is in place and hence, reduce your audit burden.  Typically, a Risk Management program comprises of the following phases: Risk identification Risk analysis Risk evaluation Risk treatment Risk Monitoring A good risk management framework will have the following characteristics: Comprehensive in types of risks it covers Practical for an organization to implement Updated with current real-world risks Based on controls that can be reviewed and audited Reliable so that your vendors and customers can accept it There are many risk management frameworks that one can choose from and it important to understand the advantages of each. Common risk management frameworks include: NIST CSF SOC 2 ISO 27001 HITRUST NIST (National Institute of Standards and Technology) framework is a comprehensive cybersecurity framework (CSF).  It is very widely accepted across different company sizes and business domains. Most cyber-security professionals are well aware of this framework as it is readily available.  Although widely available and very popular there is no certified third-party audit mechanism. Hence, it can only be self-assessed.   SOC 2 Type 2 is an internal controls report based on the scope you define.  It is widely used in the United States to show the maturity of your controls.  A CPA firm that is part of the American Institute of CPAs (AICPA) conducts the audit & issues an assessment report.  The AICPA does not audit/review the assessment for completeness or quality.  HITRUST CSF is a framework that came leverages NIST, SOC, and ISO along with others to create a more comprehensive standard.  It is widely implemented in the United States by organisations in the healthcare space.  Unlike others, although there are external assessors that are involved in the certification process, HITRUST reviews all assessments and issues the certificate. Additionally, among all the frameworks above it tends to be the most expensive to implement.  It is important to choose a framework that matches your long-term security goals & needs.  At Accorian, we work with all of the above frameworks. We help organizations choose the right framework and aid with the implementation. This is done by augmenting our team into your security team to help steer the rollout, aid with query resolution, choosing of the right controls & workaround during mitigation advisory, facilitating the selection of vendors & products and end to end program management. 

View More

Article

Accorian Partners with Hexaview Technologies

In a world where technology constantly evolves, the ever-looming specter of cyber threats has grown rapidly. Recent findings have unveiled a staggering 8% surge in weekly global cyberattacks (2nd quarter of 2023). Amidst these challenges, Accorian announces its strategic partnership with Hexaview Technologies Inc. This partnership is forged with a clear vision - to mutually benefit from each other's services and capabilities while maintaining our unwavering commitment to providing the best possible solutions to our clients. By joining forces, we aim to provide clients with a more comprehensive and accessible suite of cybersecurity services and technical prowess. Our combined expertise and resources are dedicated to delivering the best-in-class solutions and demystifying the complex world of cybersecurity for our clients, ultimately fostering its widespread adoption. Here's what our Founder & CEO, Premal Parikh, says about the partnership: “As we continue to grow into a leading cybersecurity and compliance services provider, this strategic partnership reinforces our commitment to addressing current organizational challenges and delivering innovative solutions. Together, we are dedicated to enhancing our capabilities and providing businesses of all sizes with confidence in navigating the complexities of technology, cybersecurity, and compliance.” And our Co-Founder & COO, Aaditya Uthappa, says about the partnership: "Hexaview’s deep domain knowledge of digital transformation, development, analytics & Salesforce (health cloud) expertise will significantly aid our clients as they look to secure themselves. Together, we empower organizations in the tech space to achieve security and enable adoption." About Accorian Accorian is a leading cybersecurity and advisory firm founded by Premal Parikh (Founder & CEO) & Aaditya Uthappa (Co-Founder & COO). Based in New Jersey, with regional offices in Canada and India. We focus on enhancing cybersecurity resilience for businesses of all sizes; our team of seasoned professionals brings extensive expertise in information security and technology, with veterans who have held leadership and CXO roles in global enterprises. We specialize in compliance readiness and assessment, audit services, and penetration testing, aligning with industry standards and regulations, including HITRUST, SOC 2, ISO 27001, NIST CSF, PCI DSS, HIPAA, GDPR, and more. Furthermore, we hold notable accreditations, including HITRUST CSF Assessor, CREST Accredited, PCI Approved Scanning Vendor (ASV), and PCI Qualified Security Assessor (QSA), emphasizing our commitment to rigorous quality and security standards. Our dedication to growth and innovation is exemplified by its inclusion in the prestigious INC 5000 list of Fastest Growing Companies in America. About Hexaview Technologies Hexaview Technologies is a leading technology solutions provider serving the fintech sector in North America, specializing in delivering cutting-edge AI, data, and analytics solutions tailored for the wealth management industry. With a commitment to excellence, Hexaview Technologies empowers businesses to strengthen their digital security and technological capabilities. With its headquarters in New York, USA, and additional locations in the US, Canada, France, and India, Hexaview Technologies is a widely reputed IT consulting and development services provider. It is ISO 27001 and ISO 9001 certified. Since its inception in 2010, Hexaview has served clients worldwide, including Fortune 500 organizations and ambitious start-ups, by developing creative and dynamic solutions.

View More

Article

Accorian Welcomes Farooq Wahab, Director of Cybersecurity – vCISO Services, Canada

Accorian welcomes Farooq Wahab as our new Director of Cybersecurity - vCISO Services, Canada. With over 15 years of dynamic experience in cybersecurity leadership, technology, and compliance, Farooq is set to lead our team in providing top-notch vCISO services to organizations. Farooq has served in leadership roles leading financial services institutions, including Munich Re Group and SGI Insurance. He was the first shared CISO in Canadian Higher Education. In recognition of his services to the profession and for spearheading the adoption of Certified CISO as the Canadian standard, he was awarded the Presidential Award from the EC Council. As the cyber threat landscape evolves with a 15% annual growth rate, having a vCISO leader like Farooq becomes essential. Accorian's Virtual Chief Information Security Officer (vCISO) services ensure your critical systems and sensitive data are safeguarded against increasingly sophisticated cyber threats. With an established presence in the cybersecurity advisory realm, we collaborate with businesses of all sizes to enhance their cybersecurity compliance and offer comprehensive vCISO solutions. To learn more about how our expertise can bolster your organization's security posture, contact us at info@accorian.com or call (732) 443-3468.

View More

Article

ACCORIAN is now CREST Accredited

We super are thrilled to announce that ACCORIAN is now CREST Accredited. CREST is a not-for-profit accreditation and certification body representing the technical information security industry. The CREST Codes of Conduct contain the basic principles that underpin good business practice and ethics, which are all-pervasive. They describe the standards of practice expected of Member Companies and their Consultants and must be observed in parallel with the Code of Ethics. “Accreditation of Accorian is a strong endorsement of its penetration testing team and commitment to robust business processes, data security, and testing methodologies,” said Rowland Johnson, President of CREST. “It also reflects the growing influence of CREST across the Americas and the growing demand for highly-skilled penetration testing services from trusted providers that can demonstrate internationally-recognized, independent validation.” Said Rowland Johnson, President CREST. This accreditation is outcome-focused and concentrates on providing positive outcomes that will benefit and protect clients when achieved. It demonstrates our ability to deliver comprehensive and effective security testing services that meet the most stringent industry standards. Our penetration testers at Accorian are certified and experienced in conducting penetration tests across a client’s entire tech stack, including on-prem & cloud environments. Additionally, they are skilled at conducting adversary simulation tests in the form of red team assessments. The team has a combined experience of working with 500+ clients on 1200+ penetration tests and detection of 25000+ vulnerabilities. Our time-tested and proven penetration testing methodology is built using OSSTMM, OWASP, NIST, and PTES standards. Accorian is an established cybersecurity advisory firm with a global clientele that assists businesses of all sizes in improving their cybersecurity posture through their compliance readiness, audit & penetration testing services, along with meeting long & short-term staffing needs. Our team comprises cybersecurity and IT industry veterans who have held leadership and CXO roles at large global enterprises. Based in New Jersey with regional offices in India, UAE, and Canada, we bring our extensive & diverse experience to our clients. We average over ten years of combined experience in information security & technology as auditors, implementers & testers. Besides penetration testing services, we offer compliance services (readiness and assessment/audit) that include HITRUST, SOC 2, ISO 27001, NIST CSF, PCI DSS, HIPAA, GDPR, etc.

View More

Article

ACCORIAN Joins Civitas Networks for Health

East Brunswick, NJ, May 12, 2022 - Accorian, today announced it has joined Civitas Networks for Health, the largest national network of its kind. Civitas is comprised of member organizations working to use health information exchange, health data, and multi-stakeholder, cross-sector approaches to improve health. Accorian is a leader in providing cybersecurity and compliance services, with a special focus on the healthcare and health technology industry. We work with our clients reduce their security risks and assist companies of all sizes achieve their necessary cybersecurity compliance(s). As an external HITRUST assessor firm, we have helped companies achieve HITRUST certification along with SOC 2 and ISO certifications. “With Accorian’s focus on heath, becoming a member of Civitas allows us to further that focus with the health collaboratives. We hope to continue working with HIEs to strengthen their security and compliance posture,” said Accorian CEO Premal Parikh. “Civitas Networks for Health is excited to have Accorian join our national network,” said Civitas CEO Lisa Bari. “We are raising the voices of local health collaboratives and those providing critical services to support health transformation. From the secure exchange of life-saving data to the accountability of multi-stakeholder initiatives, our member organizations have built the most trusted, connected, and inventive programs to serve their communities.” About Accorian Accorian is full-service cybersecurity and compliance firm that helps its clients with both security AND compliance. Accorian’s clients range from start-ups to fortune 100 firms. Founded in 2019, Accorian is an external HITRUST assessor and a PCI ASV. To learn more about Accorian please visit www.accorian.com About Civitas Networks for Health Civitas Networks for Health is a mission- and member-driven organization dedicated to using health information exchange, health data and multi-stakeholder, cross-sector approaches to improve health. It was formed in October 2021 with the affiliation of the Strategic Health Information Exchange Collaborative (SHIEC) and the Network for Regional Healthcare Improvement (NRHI). Civitas Networks for Health counts more than one hundred regional and statewide health information exchanges (HIEs), regional health improvement collaboratives (RHICs), quality improvement organizations (QIOs) and all-payer claims databases (APCDs) as well as more than 50 affiliated organizations as members and reaches approximately 95 percent of the United States population. To learn more, please visit www.civitasforhealth.org

View More

Article

We are proud of our client, Novus Health Systems, for achieving HITRUST r2 certification. Congratulations.

“We are proud of our client, Novus Health Systems, for achieving HITRUST r2 certification. Congratulations.” In today’s ever-changing threat landscape, HITRUST is continually innovating to find new and creative approaches to address challenges, said Jeremy Huval, Chief Innovation Officer, HITRUST. This achievement places Novus in an elite group of organizations worldwide that have earned this certification. Read More

View More

The Accorian Advantage

Accorian’s cybersecurity and compliance teams bring a wealth of experience to help navigate organizations through their information security journey. Our hands-on, white-glove approach combined with a goal-oriented, proven methodology brings both fiscal value and expertise to each of our clients. The facts speak for themselves.

Ready to Start?

We are Qualified

we are qualified
we are qualified

Security Compliance & Assessment Services

CONSULTING & ASSESSMENT SERVICES

PENETRATION TESTINGRed TEAM ASSESSMENTS
TECHNOLOGY STAFFING

Contact Info

E. info@accorian.com

T. +1-732-443-3468

Contact With Us

Office Address

Accorian Head Office

6,Alvin Ct, East Brunswick, NJ 08816 USA

Accorian Canada

Toronto

Accorian India

401,402, Prestige Towers, Residency Rd., Shanthala Nagar, Ashok Nagar, Bengaluru, Karnataka 560025, India

Shukla CPA, d.b.a Accorian Assurance is a licensed, certified public accounting firm registered with the American Institute of Pubic Accountants (AICPA) and the Public Company Accounting Oversight Board (PCAOB). Esha IT Corp d.b.a Accorian is a global leader in cybersecurity and compliance professional services.

© 2023 Accorian. All Rights Reserved.

Ready to Start?

Drop your CVs to joinourteam@accorian.com

Interested Position

Download Case study

Download SOC2 Guide