Benefits of Robotic Process Automation

If you’re thinking about ways to implement automation in your company, you’re not alone.  A recent study entitled “The State and Fate of Small and Medium Business” conducted by Xerox with Morning Consult surveyed 1,200 business decision makers from companies with 25-1,000 employees in the US, Canada, and UK.  The study indicated that digital transformation and automation have become top priorities in the post-pandemic world:

  • 80% of small and medium-sized business (SMB) leaders saw automating tasks and processes as important to their survival during the pandemic and moving forward.
  • 82% strongly emphasize the importance of digitizing paperwork.
  • Two-thirds plan on upgrading their automation tools.
  • Three out of four observed an increased reliance on workflow solutions over their pre-pandemic setups.
  • 65% have already upgraded their workflow solutions.

How can RPA benefit your business?

Robotic Process Automation (RPA) is a software technology that mimics human actions for high volume, repetitive, rules-based tasks.  It can achieve high levels of efficiency for these mundane and often boring tasks that are better suited to be handled by computers, freeing up humans to focus on creative, strategic, and innovative idea-making.  It is important to think of RPA as a “digital assistant” that helps humans to be more efficient and focus their time on activities that require higher levels of cognition, empathy, and ingenuity.  While RPA implementation is highly successful in many appropriate applications, it does not replace human workforces or populate your office with robots!

Since its inception and early introduction, RPA has experienced meteoric growth in the marketplace, supported by a significant body of highly successful use cases and measured, sustained, and demonstrable return-on-investment.  It involves low/no-code programming and is relatively inexpensive and quick to implement and scale, generating ROI in a matter of months, not years.  Because of its success with large businesses (100% of Fortune 500 Companies now have robust RPA programs) and the emergence of many competitive and highly versatile software platforms in the marketplace, it has reached an affordable, low-risk level of accessibility for small and medium-sized businesses who can truly begin to take advantage of its many benefits.  The current job market and limited availability of staff combined with increasing demands on businesses to thrive in the digital space have accelerated our arrival at a “sweet spot” for RPA adoption.

To successfully begin implementing RPA in your organization, you must first create a strategic and thoughtful approach with some key considerations:

  • Do you have workflows and processes that can be successfully and cost-effectively automated?

RPA is optimal for processes that are high volume, repeatable, and rule-based.  For example, if you run a report once a month and your staff member spends five minutes creating the report, this is most likely not a candidate for automation.  However, if you generate dozens of reports daily and a staff member spends hours, not minutes, pushing buttons, selecting folders, and running and emailing these reports, automation might make sense.

  • Is your organization excited about digital transformation?

RPA adoption requires education, communication, cultural acceptance, and enthusiasm.  It is important to build consensus and identify key leaders and stakeholders that will champion its usage as a part of your corporate culture.  Your RPA team will need to include various roles including C-Suite supporters, I.T. staff and daily users that are excited and positive about change.

  • Have you budgeted for the initial investment of resources?

While RPA implementation is demonstrably cost-effective and ROI can be illustrated for most processes before they are automated, there are still costs to consider including license fees for software, hardware requirements, consulting fees, and labor costs for your internal team.  Initial start-up costs vary widely depending on the number and types of automations chosen, but an industry standard cost range for RPA implementation is $15,000 – $50,000.

  • How will you scale up your RPA program in the future?

RPA is most successful when it is continually monitored, maintained, and scaled up.  As you begin the journey, it is important to create a roadmap for future automations to maximize the full capabilities of your initial investment.  Adding automations after implementation can be achieved at a much lower costs than the initial implementation and will magnify your return by achieving increasing levels of productivity and efficiency across your company.

  • Will you implement RPA using in-house I.T. resources or collaborate with a consultant?

Depending on your company’s in-house I.T. capabilities, you may choose to create an RPA Center of Excellence (CoE) within your own company using in-house resources.  This decision may be affected by availability of RPA expertise, existing workload of current staff, and desire to create long-term autonomy.  An internal CoE can still benefit from expert, outside consultation from a Managed Service Provider in the initial building phase.  If you choose to work with an outside provider for RPA, it is important to select a consultant that has solid experience, certified experts on-staff, and an established history of providing ongoing services to meet your needs for support as you move forward.

Back To Business I.T. and The Greentree Group have established expertise in providing RPA for a variety of clients.  Our United States Air Force RPA Center of Excellence has created a foundational understanding of the technology and its value for Government, as well as private corporate applications in a wide range of sectors including finance, manufacturing, healthcare, and many others.  Our philosophy begins with helping each client thoroughly understand the opportunities, risks, and potential benefits of any technology, and partnering with you to make informed decisions to grow your business.  Interested in learning more about what RPA can do for your business?  Schedule a no-cost consultation here.

CMMC 2.0 Updates

WHAT IS CMMC 2.0?

The Cybersecurity Maturity Model Certification (CMMC) was introduced by the U.S. Department of Defense (DoD) on January 31, 2020 to ensure the protection of sensitive unclassified information or controlled unclassified information (CUI).

Originally, the CMMC framework had five levels of cybersecurity maturity (basic to advanced/progressive) and affected more than 300,000 defense contractors. However, on November 4, 2021, the DoD formally announced the CMMC 2.0 framework. This updated version seeks to simplify the model and reduce compliance costs by streamlining the program and scaling back the requirement that all defense contractors obtain third-party certification of their cybersecurity capabilities. Under CMMC 2.0, about 80,000 contractors will have to undergo third-party assessments while contractors at non-critical CUI levels are able to self-certify. Additionally, contractors who are not yet in full compliance with applicable cybersecurity requirements will be permitted to perform less sensitive contracts if they make a Plan of Action & Milestones (POA&M) and commit to completing the remaining requirements within specified dates. These changes are reflected in the diagram below (published by the DoD):

WHAT ARE THE NEW LEVELS?

1️⃣ Level 1 (Foundational) only applies to companies that focus on the protection of federal contact information (FCI). It is comparable to the old CMMC Level 1. Level 1 will be based on the 17 controls found in FAR 52.204-21, Basic Safeguarding of Covered Contractor Information, and focus on the protection of FCI. These controls look to protect covered contractor information systems and limit access to authorized users.

2️⃣ Level 2 (Advanced) is for companies working with controlled unclassified information (CUI). It is comparable to the old CMMC Level 3. CMMC 2.0 Level 2 (Advanced) requirements will mirror NIST SP 800-171 and eliminate all practices and maturity processes that were unique to CMMC. Instead, Level 2 aligns with the 14 families of security requirements and 110 security controls developed by the National Institute of Technology and Standards (NIST) to protect CUI. Accordingly, the 20 requirements in the old CMMC Level 3 that the DoD had imposed were dropped, meaning that the new Level 2 (Advanced) is in complete alignment with NIST SP 800-171.  Identified within DoD contracts under DFARS 252.204-7012 clause.  DoD is still working to define the “critical” CUI information.

3️⃣ Level 3 (Expert) is focused on reducing the risk from Advanced Persistent Threats (APTs). It is designed for companies working with CUI on the DoD’s highest priority programs, estimated to be about 600 companies. It is comparable to the old CMMC Level 5. The DoD is still determining the specific security requirements for the Level 3 (Expert), but has indicated that its requirements will be based on NIST SP 800-171’s 110 controls plus a subset of NIST SP 800-172 controls.

WHEN WILL CERTIFICATION BE REQUIRED?

The DoD is in the rulemaking process and negotiations with the CMMC Accreditation Body, which is expected to take an additional 9-24 months. While these rulemaking efforts are ongoing, the DoD is suspending mandatory CMMC certification, however, it is strongly recommending defense contractors act now and get CMMC assessed/certified to minimize the risk of DIB companies exposing sensitive unclassified information.

HOW TO GET STARTED

Defense contractors looking to start their CMMC compliance journey should look into meeting the 110 controls in NIST 800-171 as soon as possible, as preparation and implementation can take up to 18 months or more.

Not only can we help you achieve NIST-SP 800-171 compliance, but we can also perform a comprehensive gap analysis and determine your current SPRS score.  Then work with you on a plan to resolve areas of non-compliance. As a full-service I.T. firm, we can also implement solutions to address gaps so you are ready for CMMC certification and future audits.

CONCLUSION

CMMC 2.0’s cybersecurity standards will better arm the DoD in its efforts to defend against cyberattacks that threaten U.S. critical sectors. But it’s clear that the DoD cannot wait for CMMC 2.0 formalized assessments to improve cybersecurity in the Defense Industrial Base. While the CMMC 2.0 requirements work their way through the federal rulemaking process, enforcement of federal cybersecurity regulations governing defense contractors has stepped up. If you’re seeking future business with the Department of Defense, it’s important you get started on the compliance path right away.

5 Benefits of Co-Managed I.T.

Co-Managed I.T.

Managing the complexity of networks and servers, compliance standards, cybersecurity, application updates, software licenses and patches, hardware replacements, and more – all while trying to keep up-to-date with new technology and provide 24/7 support – is a lot to expect from one employee.

Let’s face it, your I.T. department is an essential and necessary part of your business, but even your most competent staff can’t do it all or know it all. That’s where co-managed I.T. comes into play.


Co-managed I.T. is a strategic model that blends the convenience of an internal I.T. team with the outside support of a managed service provider (MSP). It allows businesses to customize which I.T. services they provide in-house and determine where they can use an “extra pair of hands”.  For example, your existing I.T. team might manage software updates, installations, and cabling, but your external partner provides help-desk support and cybersecurity training.

For companies with limited internal resources, co-managed I.T. offers business agility and has significant cost and operational benefits. Here are the top five.

TOP 5 BENEFITS OF CO-MANAGED I.T.

✅ I.T. Expertise On-Demand – If you run into issues your employees have less experience resolving, your co-managed support team can provide their expertise. Opting to offboard some of the problems they don’t know how to fix internally is a great way to leverage MSPs’ expert resources. Not only is their focus on I.T. best practices, but they’ve seen a wide variety of issues, so they know how to handle and resolve pretty much anything.

✅ Increased Productivity – A co-managed service model typically covers routine maintenance, upgrades, and patches. Your systems will run more efficiently, resulting in fewer interruptions to operations. You’ll also benefit from additional support during peak “demand periods,” so your internal I.T. team doesn’t have to stop working on major projects for minor emergencies.

✅ Around-the-Clock Support – One of the most significant advantages of using a co-management I.T. model is offering round-the-clock support to customers outside of regular business operating hours. MSPs can also help cover things like sick or vacation time, eliminating the need to pay overtime or stagger your staff’s schedules.

✅ Better Security – Splitting the responsibilities of your I.T. infrastructure between you and a third-party company creates layers of security, making entry into your organization more difficult for bad actors. Many companies choose to keep their most crucial I.T. functions in-house while offloading the rest to a managed service provider. Additionally, because MSPs focus on industry standards for cybersecurity management, you can rest assured knowing that they take every precaution to keep your business data safe.

✅ Less Burnout and Boosted Employee Morale – Business insights, improved strategies, quicker response times, professional consultations, and decision support are empowering tools that can help to foster a more positive employee culture among your I.T. team. By giving them the resources they need to be successful, you create a work environment that promotes longevity and reduces burnout.


The right co-management partner can transform your existing I.T. team by resolving tickets faster, supporting your staff during off-hours or peak times, meeting unique project needs, and keeping up with changing market demands and technological advancements.

As the leading MSP in Dayton, we offer technology and compliance assessments, personalized insights and recommendations, access to the latest technology, and a robust suite of managed services. If you’re interested in co-managed I.T., we can help you navigate options and put together a package that’s right for you.

Call us at 937.490.5600 or contact our team of I.T. experts today to learn more.

Cyber Risks in IoT Devices | Ransomware 3.0

Ransomware 3.0

Ransomware attacks continue to get worse. They have now expanded to extort not just the companies, but also contractors and customers, in a “Triple Threat”. In addition to encrypting a victim company’s data, they will also exfiltrate, or download, copies of company data and emails. They will ask for one ransom to decrypt the computers, a second ransom to not make the stolen data public, and then the newest ransom attack. They reach out and present the data to customers, contractors, and business partners and demand a ransom from them in order to not have the data published. With phishing emails still being the number one attack vector for ransomware, be sure you have sufficient protection for your company. A combination of quality user education, phishing exercises and awareness campaigns, and system endpoint protections provides an in depth defense to this constantly evolving threat.

What does this mean for your business?

Back To Business I.T. has you covered. Our cybersecurity training programs are customized to meet the needs of your workforce and are designed to create a “human firewall” inside of your business. Building upon that, we offer state-of-the-art intrusion detection systems to stay one step ahead of cybercriminals. Don’t become a cyber statistic. Contact our team today and get Back To Business.

LinkedIn breach could mean your information was exposed

Just when you thought you had seen it all, think again! LinkedIn is the latest victim of phishing attacks. According to USA Today, firms are stating that cyber attackers are now posing as “boring, authentic, cubicle-office dwellers.” On top of these reported phishing attempts, CyberNews reports that the cyber attackers have also scraped data from 500 million LinkedIn accounts. The information leaked includes LinkedIn IDs, full names, email addresses, phone numbers, and various other sensitive information. Due to the leak of information, customers may be susceptible to increased email and text spamming or phishing.

What does this mean for your business?

Tighten up your security measures, and encourage your employees to do the same. Be conscious of strangers requesting to follow your LinkedIn profile. Consider changing your password periodically. Enable two-factor authentication for your account if possible. This additional layer of security serves as another barrier between your information and bad actors on the internet.

Manufacturing systems and IoT devices present high risk

IOT and other embedded manufacturing systems can present a high risk to your data and operations if not properly secured. Basic security steps can greatly improve your overall risk posture. From doorbells and cameras to CNCs and additive manufacturing systems, there are simple steps you can take to reduce the risk and exposure of the business side of your operations.

What does this mean for your business?

Your network is unique, and your security measures should be too. Your manufacturing systems and devices should be protected using industry best practices. Preventative steps such as changing default passwords, keeping your systems properly patched, and separating crucial systems from the rest of your network can make the difference between a few minutes of down time, and your entire operations coming to a halt. Our team is experienced in manufacturing environments, and passionate about our clients’ security. Contact us today to learn what we can do for your operations.

Microsoft announces 24 new issues posing cybersecurity threats

Microsoft announced the discovery of 24 issues in a wide range of IoT and OT devices. These issues allow malicious individuals to execute code on or crash your devices. This affects a wide range if industrial, medical, and enterprise devices. It is vital to your security to have an active inventory of the assets on your network, monitor them for vulnerabilities, and patch them regularly.

What does this mean for your business?

Our team of experts stands ready to help your organization take care of risks inside your network that you might not know are there. Cyberattacks are at an all-time high…and getting worse every day. We are here to help!

Cybersecurity risks continue to evolve, and so do our tools to fight them. We are passionate about protecting small businesses, and stay up to date on technology and cybersecurity best practices. Contact us today and let us show you how our cybersecurity services can help your business stay safe in an uncertain world.

Call us at 937-490-5600 or Contact Us to learn more or get started.

Cloudy with a Chance of Data Loss

What would happen if your company lost all of its email data? If you’ve yet to implement a backup solution for your Microsoft 365 data, you could be faced with that question if a cyber-incident occurs.

Over a million businesses use Microsoft 365 – chances are, you do too! By far the most popular productivity suite, this Microsoft product includes apps such as Outlook, Word, Excel, PowerPoint and others, depending on your configuration. But did you know that Microsoft is not responsible for backing up the data on in your Microsoft 365 suite?

Why Microsoft 365 Customers Need a Backup Solution

Many business owners using Microsoft 365 believe that their data is totally secure. The reality, however, is a different story. Although Microsoft offers many benefits in productivity, efficiency, and collaboration with Microsoft 365, the company doesn’t provide users with a comprehensive backup system for their underlying data.

Mechanical malfunctions and physical damage, hacking and theft, user error, and power outages all put user data at risk in the cloud. Protecting data has never been more important – hackers are now attacking computers and networks at a rate of one attack every 39 seconds. While companies do their best to prepare for these problems, no plan is foolproof, and stories of data loss are far from rare, with the average data breach costing small businesses $149,000. Furthermore, 60% of small businesses close their doors within 6 months of a data breach.

Cloud Backup Saves Data, Time, and Money

The fact is that having only one copy of important data is asking for trouble, whether it’s stored in the cloud or elsewhere. If your data isn’t backed up, you could be facing not only a loss of productivity as you scramble to rebuild, but also a loss in revenue and reputation.

Microsoft 365 is an excellent service that gives you access to your data from virtually any place at any time — and across many devices. As a software-as-a-service (SaaS) built on the industry-leading Azure public cloud, Microsoft 365 offers users high reliability, geographic redundancy, and secure connectivity.

This should not, however, be confused with a comprehensive data protection solution. Microsoft does not back up Microsoft 365 user data, so it recommends that customers use third-party solutions. Furthermore, Microsoft doesn’t protect data from common issues like file corruption or everyday human error. Nor does it offer a way to easily revert to older versions if something goes wrong beyond their normal data retention policy.

Back To Business I.T. can help you evaluate your options in addressing these shortcomings and specifically discuss how implementing a backup solution can be cost-effective and seamless and offer peace of mind.

Our Cloud Backup Service Is Easy to Use, and Recovery Is Fast

Not all backups are created equal, however. When looking into a solution that can protect your data stored in the cloud, there are a few fundamental questions you should be asking your vendor:

  • What data is actually being backed up?
  • How is the backup data being stored and protected?
  • How often is data backed up, and for how long?
  • How easy is the data restoration process?

Our Cloud Backup Service is a flexible, agile, and reliable solution that offers comprehensive data protection across the full Microsoft 365 tenant, unlimited storage and retention of user data, and a hassle-free setup and run experience. Better yet, data-recovery means you can have peace of mind that your company can be up and running with minimum downtime.

There are several things to consider when selecting a cloud backup solution – and our team of experts can help with that! Our team can customize an approach that works for the company data that should be protected as well as other business and budgetary needs.

Contact our team today to learn about our Cloud Backup solution for your Microsoft 365 data. Click here to a call or here to send us a note today!

Data Backups: Planning for the Win

Your company’s most precious business resource is its data. What is your game plan for protecting it?

Data loss cripples businesses – studies show that over 50% of businesses hit by a cyber-criminal close their doors within 6 months. What measures are you taking while cyber-criminals step up their game? If your game plan doesn’t include backups, you’re effectively planning to lose when (not if) a cybersecurity breach occurs. Don’t like losing? Let’s go over some game plan essentials to get that win.

Consider the elements

Even with strict information controls and excellent maintenance of technology, avoiding data loss incidents is all but impossible. You can account for what you can control – and that’s about it. Aside from the usual suspects – ransomware, human error, and technology failure – there are other forces that could destroy your business if you don’t have proper backups. Don’t let other variables, such as natural disasters, structural fires, and theft, derail your business success. Create a DR (Disaster Recovery) Plan to use as your playbook for succeeding in less-than-ideal conditions, and position yourself to recover that data quickly.

A strong lineup

Not all backups are the same. Businesses have different needs and budgets and every backup strategy needs to consider both. Think of this as your line up. How long can your business afford to be “down” in the event of a disaster? What players need to stay in as long as possible? What data is affordable to lose? Priority should be given to the data essential to carry out your essential business functions. In the event of a breach, recovering that data quickly could spare you big losses.

Use a long term strategy

A winning game plan takes you all the way, right? Backups protect your data by ensuring you have a ‘copy’ of everything you need in case of compromise. How long should you keep those copies? The compliance and regulatory requirements for your industry should guide how long you keep data backups. A good long-term strategy accounts for not just unexpected events, but also compliance requirements to ensure your data is there whenever you need it.

Plan for the wildcard

People are a constant variable in the biggest upsets. In times of emotional distress, employees often make poor decisions. Almost 75% of departing employees admit to taking company data in some form. 70% of intellectual property theft occurs within 90 days of an employee’s resignation. Worse yet, even more malicious activity can occur and hostile actors inside the workplace, unfortunately, purposefully delete data. Plan for the wildcards by having timely backups and enjoying peace of mind knowing you can get back to normal after a compromise.

The competitive advantage

If a disaster were to hit your area, how quickly would your business recover? How quickly would your competitors recover? Implementing a disaster recovery plan through effective backups ensures quick restoration and minimizes down time. Make backups your competitive advantage by ensuring you can get back on your feet faster and more effectively than your competitors.

A strong game plan accounts for all known and unexpected factors. It includes an aggressive offense for the things we can predict, and a solid defense for the sudden and unexpected. Plan for the win – backup your data and get Back To Business.

Want to secure a win for your business?

Our team will work with you to create a custom DR plan that fits your business needs, the data you need to protect, and your budget. Click here to call or here to send us a note today!

What is an RPO?

Throughout 2020, the U.S. Department of Defense released details surrounding the Cybersecurity Maturity Model Certification (CMMC) requirements for companies in the defense industrial base (DIB). These new consolidated cybersecurity requirements are driving suppliers and contractors to dedicate time, money, and other resources to strengthen their cybersecurity strategy to meet compliance. Depending on the company’s existing cybersecurity posture, some will have much more work to do than others, and they will all need professional guidance.

It’s no surprise that the market has been recently flooded with consulting firms claiming to be experts in CMMC compliance requirements. Keep in mind that not all third-party consultancies are created equal. As a small business, we understand how important it is to properly vet vendors, and make sure you’re getting the most out of every dollar you assign to projects like these.

The CMMC Accreditation Body (CMMC-AB) has introduced five certifications and authorizations to differentiate entities offering CMMC compliance services. These are:

  • Certified Third-Party Assessor Organizations (C3PAO)
  • Registered Provider Organizations (RPO)
  • Registered Practitioners (RP)
  • Certified Professionals (CP)
  • Certified Assessors (CA)

We’re happy to provide some details regarding the RPO authorization, and what is involved.

RPOs like The Greentree Group are authorized by the CMMC AB to provide consulting services to government contractors and other companies in preparation for their CMMC assessments. We can also assist during these assessments if there is a finding that will prevent you from attaining your desired CMMC maturity level. However, we do not conduct certification assessments, and we do not grant certified status. Only C3PAOs are equipped to conduct these certification assessments. As an RPO, we are here to provide CMMC guidance and support to companies impacted by these new regulations. It’s important to remember that C3PAOs cannot provide guidance unless they’re also certified as an RPO – and even then, they cannot offer the same services (assessment + guidance) to the same company.


WHAT GOES INTO BECOMING AN RPO

A company must do the following to become certified as an RPO:

  1. Be an entity owned by a “US person”.
  2. Be registered with the CMMC-AB in order to receive authorization to use the official logo distributed by the CMMC-AB.
  3. Sign an RPO agreement, reflecting a commitment to comply with the CMMC-AB Code of Professional Conduct.
  4. Clear an organizational background check.
  5. Have at least one Registered Practitioner (RP) on their team. An RP is specially trained and authorized by the CMMC-AB to deliver “non-certified advisory services informed by basic training on the CMMC standard” at all times.
  6. Pay an annual registration fee.

These requirements put in place by the CMMC-AB are helpful for companies seeking certification because they provide a measure of legitimacy. As with any new regulations or rules, there will be many companies claiming to be experts in the field, and competing for your business. By selecting a company that has attained its RPO authorization, businesses can be confident that their choice is well suited for the job and committed to CMMC standards.


CHOOSING THE RIGHT RPO FOR YOUR COMPANY

RPO authorization is an important consideration when choosing a provider- but there are other things you should keep in mind. Other important questions you may want to ask –

  • How much experience does the RPO have in cybersecurity and maintaining compliance in highly regulated spaces?
    • The Greentree Group has supported both DoD programs and DIB clients with obtaining and maintaining required cybersecurity compliance for over a decade
  • Do they have experience with other frameworks such as CIS CSC, NIST SP 800-53, NIST SP 800-171, and ISO 27001?
    • Greentree has cybersecurity experts for the cybersecurity framework you require
  • How knowledgeable are they about the defense contracting environment?
    • Greentree’s cybersecurity team has a combined 50+ years of defense contracting experience
  • How many years have they been in business? Are they well-established?
    • The Greentree Group has been in business for 26 years with an established reputation for excellence in customer support
  • How easy is it for the provider to scale efforts appropriate to your business?
    • We support clients of all different sizes and architectures, as your business grows our support for your cybersecurity needs can grow with you

Note: Back To Business I.T. is a service brand of The Greentree Group.


WHY IS THE RPO AUTHORIZATION IMPORTANT FOR YOUR BUSINESS?

The new CMMC-AB authorization process for RPOs is an effective way for companies to sift through the increasing chatter in the CMMC consultancy space. The RPO certification signals that a consulting firm is invested in the CMMC space, and has committed to cybersecurity best practices. By visiting the CMMC marketplace, companies can look for certified RPOs in their area and reach out on their own terms.

We are authorized by the CMMC-AB as an RPO, and ready to guide your business along in the CMMC journey. Are you ready to learn more? [sg_popup id=”935″ event=”click”]Send us a note[/sg_popup], and one of our cybersecurity experts will be happy to provide more information about CMMC compliance.

We Are Now Authorized as a CMMC-AB Registered Provider Organization (RPO)

We are now a Cybersecurity Maturity Model Certification (CMMC) Registered Provider Organization (RPO) authorized by the CMMC AB. This new achievement solidifies our position as a leader in CMMC compliance solutions and services meant to protect government data in defense contractor systems. According to the National Accreditation Board, CMMC-AB is an independent accreditation body “responsible for establishing, managing, controlling, and administering the CMMC assessment, certification, training, and accreditation processes for the Department of Defense (DoD) supply chain.” Our new Registered Provider Organization (RPO) status reflects our commitment to the CMMC Accreditation Body (AB) code of professional conduct. It allows our company to provide advice, recommendations, and consultation to our customers as they seek their own CMMC-AB certifications.

Since 1993, The Greentree Group has been providing comprehensive professional services and technology solutions to small and medium-sized organizations, including:

  • Cybersecurity solutions
  • I.T. Support
  • Cloud Solutions
  • Technology Strategy

We offer a suite of comprehensive business technology services to include solutions which support Cybersecurity Maturity Model Certification (CMMC) compliance. Our team of cybersecurity experts assist defense contractors in becoming CMMC audit ready by implementing technical solutions and developing documentation and policies required by CMMC. In addition, we provide options for ongoing services to maintain compliance after certification.

CMMC SUPPORTS IT MODERNIZATION AND SUPPLY CHAIN SECURITY

CMMC is a new cybersecurity compliance standard that will be required for contractors to bid and win DoD contracts. The Defense Federal Acquisition Regulation interim rule took effect on November 30, 2020 and initial assessments are expected to begin in calendar year 2021.

CMMC-AB authorized RPOs provide advice, consulting, and recommendations to their clients. They are the implementers and consultants, but do not conduct Certified Assessments. They understand the CMMC Standard, and are qualified as:

  • Aware – Employs staff trained in basic CMMC methodology
  • Registered Practitioner Staffed – Offers CMMC trained consultative services
  • Targeted – CMMC assessment preparation
  • Trusted – Bound by a professional code of conduct

View our listing on the CMMC-AB Marketplace!

Ready to learn more? Our team of cybersecurity professionals would be happy to provide more details about the CMMC requirements, and what they mean for your business. Send us a note!

Back To Top