Understand how MSI assists in compliance with ISO 27001 and the new DoD regulation, Cybersecurity Maturity Model Certification (CMMC).

ISO 27001

ISO 27001 is an international standard for information management. ISO 27001 provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system.


The “Information security risk assessment” requirements of section of ISO 27001 help to ensure the preparedness of the organization against potential cyber-security risk. Prior to the realization of an information security threat, organizations must have specific procedures in place for mitigating possible loss of confidentiality. This includes requirements that processes be in place to identify, analyze, evaluate and mitigate all information security risks.


Important to cyber-security, ISO 27001 includes the requirement that all personnel under control of the organization must be aware of the information security policy, the contribution of each person to the effectiveness of the information security management system, and the benefits of improved information security performance. Training and education play an essential role in the awareness of employees and contractors alike.

Cybersecurity Maturity Model Certification


CMMC is described as a "unified cybersecurity standard". The intent of CMMC is to build upon existing regulations, policy, and memoranda by adding a third-party verification component to cybersecurity protections.

The CMMC model describes the requirements that contractors must meet to qualify for certain maturity certifications, ranging from LEVEL 1 ("Basic Cyber Hygiene" practices and "Performed" processes) through LEVEL 5 ("Advanced/Progressive" practices and "Optimized" processes).

The CMMC was created in response to growing concerns by Congress and within the Department of Defense (DoD) over the increased presence of cyber threats and intrusions aimed at the Defense Industrial Base (DIB) and its supply chains. Due to the sharing of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) throughout the supply chain, the attack surface of the DoD has been greatly expanded. Cybersecurity is now a fundamental aspect of DoD acquisition. The CMMC will be a major change in the DoD approach to cybersecurity for defense contractors. The DoD appears to be looking for better methods to verify that its requirements are actually being satisfactorily implemented.

By the end of 2020, all parties that bid for work with the DoD must be compliant with at least CMMC LEVEL 3.

What Management Systems Improvement Can Do for You

MSI will perform a baseline assessment of an organization's information security environment to identify which level (if any) the client currently meets. Using our knowledge of multi-faceted technologies, MSI will conduct further reviews and provide the necessary recommendations to move forward with a safer cybersecurity network.

MSI has competitive rates, qualified, trained professionals, flexible hours, and a large database of information that is applicable to hundreds of businesses.


Helping businesses improve operations since 1993.

Cost-effective solutions in training, auditing and maintaining ISO 9001 (and all QMS disciplines) and ISO 14001, 45001, 27001 and CMMC registration.

Competitive daily rates and full access to our skilled, experienced team.

We help control your costs and effectively achieve your management- and performance-system goals.

© 2020 by M.L. Enders Design for

Management Systems Improvement, LLC.
61 Balfour Avenue
Claymont, DE 19703

Phone:  860-478-7496