Guernsey, a leading cybersecurity and consulting firm based in Oklahoma City, has partnered with HoganTaylor, one of the largest business advisory and public accounting firms in Oklahoma and Arkansas, to provide Cybersecurity Maturity Model Certification (CMMC) services. Through this strategic partnership, Guernsey and HoganTaylor will collaborate to provide a range of services including audit readiness assessments, consulting to address compliance gaps, or official certification assessments, ensuring client needs are met no matter their phase of the cyber journey.
The CMMC is designed to fortify the defense sector’s cybersecurity infrastructure, ensuring that Defense Industrial Base (DIB) members are equipped to guard against evolving cyber threats. It will require Department of Defense (DoD) contractors to comply with a set of cybersecurity standards to be eligible for certain contracts handling sensitive, defense-related information.
“Our collaboration with HoganTaylor offers an unmatched operational synergy for contractors,” Tim Fawcett, Vice President and Director of Cybersecurity Consulting at Guernsey, said. “Amid changing regulations, we aim to offer clear guidance—together, Guernsey and HoganTaylor can provide comprehensive advice and leadership for clients to manage cybersecurity risks and enhance their cyber posture effectively.”
Guernsey is the only Oklahoma based company to have achieved the Certified Third-Party Assessment Organization (C3PAO) status, which authorizes the firm to provide CMMC assessments, or “audits,” for clients seeking certification to meet their contractual obligations.
Guernsey’s comprehensive cybersecurity experience and C3PAO credentials, coupled with HoganTaylor’s deep-rooted compliance expertise, position the partnership as a linchpin for organizations hoping to achieve CMMC certification.
“We’re always looking for opportunities to enhance our risk assurance service offerings to provide additional value to our clients,” Kevin Hearn, HoganTaylor Risk Assurance Partner, said. “Our collaboration with Guernsey allows us to offer a comprehensive CMMC compliance solution to our clients in the DIB.”
The DoD already requires many contractors to comply with National Institute of Standards and Technology (NIST) 800-171, a set of cybersecurity practices to safeguard sensitive information. CMMC is a formal assessment evaluating an organization’s compliance with NIST 800-171.
In the fourth quarter of 2023, the DoD will publish CMMC 2.0 for public comment, the next formal step to making CMMC a requirement. Once published, many open questions will be answered, and there will be a clear path forward regarding scope, requirements, and timelines for when CMMC will be incorporated into government contracts.
For more information, visit guernsey.us/cmmc