Prevalent announced that it is the first third-party risk management company to offer questionnaires for all five levels of the CMMC to certified third-party audit organizations (C3PAOs) and Department of Defense (DoD) contractors.
The leader in third-party risk management provides the only solution to assess, monitor and remediate risks across all CMMC domains and practice areas.
“Companies are under tremendous pressures to ensure that their supply chains are secure and resilient,” stated Brad Hibbert, chief strategy officer for Prevalent.
“In today’s environment it’s more important than ever to ensure that third-party suppliers are compliant with DoD standards. Prevalent prides itself on providing contractors and auditors with questionnaires to support all of the certification levels needed to ensure a secure supply chain.”
On January 31, 2020, the Office of the Under Secretary of Defense for Acquisition and Sustainment in the DoD released v1.0 of the CMMC. Developed to serve as a single cybersecurity standard for all future DoD acquisitions, CMMC requires that each of the more than 300,000 DoD contractors become CMMC certified beginning in October 2020, with a five-year phase-in and renewals every three years after that.
The Prevalent Third-Party Risk Management Platform simplifies and accelerates risk identification and audit reporting with a single cost-effective platform for all CMMC questionnaire levels.
The solution automatically creates, quantifies and contextualizes risks from questionnaire responses in order to streamline the risk assessment process and provides prescriptive guidance and recommendations to contractors in order to improve their security hygiene and compliance standing.
The platform improves visibility with clear scoring and compliance status against accepted DoD standards and ensures auditors and contractors use the most current questionnaires with automatic updates. The platform enables C3PAO auditors and DoD contractors to assess and demonstrate CMMC compliance.
With Prevalent, CMMC certified auditors can use the platform with all five levels of CMMC controls questionnaires included. Certified auditors can:
- Invite clients into the Prevalent platform to complete standardized control assessments in an easy-to-use, secure tenant
- Automate chasing reminders to clients to reduce the time required to complete assessments
- Centralize supporting documents submitted as evidence of the presence of controls
- Produce a single risk register based on client responses
- Issue remediation recommendations for failed controls
Additionally, any DoD contractor can use the platform to conduct a pre-assessment prior to the formal audit. With this access, DoD contractors can:
- Assess against the controls required to measure any level of compliance
- Upload documentation and evidence to support answers to questions
- Gain visibility into current compliance status
- Leverage built-in remediation guidance to address shortcomings prior to a formal audit
- Produce compliance reports for auditors