It’s great that SCMEP advertised this grant to its members. We were going to have to do this work anyway, but the grant, their partnerships with providers to facilitate the audit, and their continued follow up made this process so much easier than going alone. We appreciate the work SCMEP does with SC manufacturers to make our state thrive.
The company was awarded the SC-CAP grant to assist in the achievement of CMMC level 3 compliance. The overall focus of level 3 is good cyber hygiene and protection of controlled unclassified information (CUI). The assessment assessed whether the company had implemented proper process management, and if it demonstrated the management of activities for practice implementation. Basic Concepts also had to demonstrate good cyber hygiene as specified by NIST SP 800-171, as well as additional practices from other standards.
SCMEP, part of the MEP National Network™, was able to provide services to address the management and administration of a controls effectiveness and policy and procedure assessment concerning the protection of CUI as well as general information security best practice. In addition to assessing current state/progress, the primary objective was to supply support in documentation creation, accurately define responsibilities (amongst vendors, software, managed service providers), and provide sound, up to date and accurate guidance in building out a successful CUI program.