About Partners Contact Client Portal
LinkedIn Twitter
Services Industries Insights & Events Careers & Culture

Services

RubinBrown specializes in providing a comprehensive range of services to meet business and personal needs. Whether you require expert tax, strategic business consulting, audit services or more, RubinBrown's team of experienced professionals are here to support you.

View All Our Services
Assurance Services
Benefit Plan Audit Services Public Company Services SOC Examinations, IT Audit, & Third-Party Risk
Consulting Services
Business Process Improvement Services Business Restructuring & Bankruptcy Services Cyber Security Services Environmental, Social and Governance Services ERP & Enterprise Software Advisory Fraud & Forensics SOC Examinations, IT Audit, & Third-Party Risk Information Technology Services Litigation Services Mergers & Acquisitions Services Risk & Internal Audit Services Valuation Services
Entrepreneurial Services
Outsourced Accounting & Advisory Services
Tax Services
Federal Tax Services Private Client Services Credits & Incentives Services State & Local Tax Services
RubinBrown Advisors RubinBrown Corporate Finance

Industries

At RubinBrown, we bring experience across a range of industries. Our experience enables our professionals to offer tailored solutions catering to the intricacies of each sector. Our professionals have years of focused engagement and skills, allowing them to navigate industry-specific challenges to benefit our clients.

View All Our Industries
Colleges & Universities Construction Gaming Healthcare Law Firms Life Sciences & Technology Manufacturing & Distribution Not-For-Profit Private Equity Public Sector Real Estate Transportation & Dealerships

Insights & Events

At RubinBrown, we provide valuable insights detailing emerging trends and industry-specific information. Our events, hosted virtually and in-person, keep you informed and connected to the topics and industries that matter most to you and your organization.

View All Insights & Events
Jun 11

RubinBrown’s Leveraging Technology for Business Success

Learn More & Register
Jun 17

RubinBrown’s Rural Health Webinar Series

Learn More & Register

RubinBrown Sports Betting Index: March 2025 Analysis

Learn More

Tax Bill Watch 2025: Budget Resolution Compromise

Learn More

Careers & Culture

At RubinBrown, we are inspired team members, working as one firm, living our core values, and Being Our Best for Others while delivering totally satisfied clients. We invite you to learn more about the Firm's culture, the Be Your Best for Others mentality, and explore the available opportunities at RubinBrown.

Discover Our Culture
Baker Tilly International Campus Recruiting Diversity & Inclusion Experienced Recruiting RubinBrown Charitable Foundation Join The Team
Back to Cyber Security Services

Cybersecurity Maturity Model Certification (CMMC)

RubinBrown’s team of experienced professionals can help your organization by assessing readiness, supporting and preparing you for certification, and providing on-going CMMC management.

Cybersecurity Maturity Model Certification (CMMC)

RubinBrown’s team of experienced professionals can help your organization by assessing readiness, supporting and preparing you for certification, and providing on-going CMMC management.

The CMMC framework consists of the security requirements from NIST SP 800-171 Rev 2, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, and a subset of the requirements from NIST SP 800-172 Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171. There are three levels within CMMC - Level 1, Level 2, and Level 3.

  • Level 1: Encompasses the basic safeguarding requirements for Federal Contract Information (FCI) specified in FAR Clause 52.204-21.
  • Level 2: Encompasses the security requirements for CUI specified in NIST SP 800-171 Rev 2 per DFARS Clause 252.204-7012.
  • Level 3: Information on Level 3 will be released at a later date and will contain a subset of the security requirements specified in NIST SP 800-172.

The first step in the process is to go through a CMMC Readiness Assessment to determine how your organization is meeting the requirements and what needs to be done before a certifier arrives to audit the environment. Following the readiness review, the organization can focus on remediation efforts, improving the environment, and making sure they are prepared for a certification audit. Prime contractors are already working through the process and are pressuring their subcontractors to take the necessary steps to meet or exceed requirements in preparation for the certification. Smaller subcontractors will be included in the process over the next 12 to 18-months. If your organization is in the supply chain for the DoD, it is time to prepare for CMMC.

RubinBrown’s team of experienced professionals can help your organization by:
  • Readiness Scoping
    • Identifying and documenting the scope of the standards to your environment
    • Augmenting your IT department with specialists who convert your knowledge of your environment into the requirements to meet the standards
  • Readiness Assessment
    • Working with your team to assess your readiness over a 3 to 4-week period addressing approximately 110 controls and planning the remediation effort
  • Remediation
    • Assisting with planning, tracking, and performing remediation, as needed, working directly with your team
  • Certification Preparation & Support
    • Preparing your team for the C3PAO (Third-Party Certifier) audit of your environment and interfacing with the certifier if any clarifications are needed during their audit
  • Post-Certification Support & Consulting
    • Reviewing internal and external changes to your environment along with consulting on updated DoD requirements
  • CMMC Managed Compliance Services
    • Monitoring and managing the ongoing efforts to stay complaint with CMMC policy and implementation changes
 The deliverables from the effort include:
  • Management Reporting
    • IT Risk Assessment Report 
    • Gap Analysis and Recommendations for Technology, Human Capital and Policies
  • CMMC Remediation Roadmap
    • NIST SP 800-171 & CMMC Remediation Roadmap, including the following Government Requirements and Certification Guidelines:
      • NIST 800-171 Reports (Existing Requirement)
      • NIST 800-171 System Security Plan (SSP)
      • NIST 800-171 Plan of Actions and Milestones (POA&M)
      • NIST Cybersecurity Framework (CSF) for Critical Infrastructure (As Required)
    • Cross-Over Audit for Additional Frameworks
      • Reports will highlight controls that cross-over to additional frameworks beyond the DoD CMMC, NIST 800-171, NIST CSF including ISO, PCI-DSS among others
Drawing from our experience developing SSPs and POA&Ms, assisting our clients with compliance remediation plans, and years of experience in the industry, we help our clients through the preparation phase, so they are ready when it is time for the formal certification audit.
 

Contact Us

Cybersecurity Maturity Model Certification (CMMC) Services

Robert Rudloff, CISSP, CISA, QSA, CMMC RPA Partner rob.rudloff@rubinbrown.com 303-952-1220

Insights & Events

View All Insights & Events
Insight Article

Preparing for CMMC Compliance: Get Started!

Read This Article
Insight Article

Managing Business Email Compromise and Fraud Attacks

Read This Article
Insight Article

Application Situation: Third Party Patching

Read This Article

Be Your Best for Others at RubinBrown

At RubinBrown, our firm fosters a culture built upon five vision points, and are guided by our philosophy of Being Our Best for Others. Discover how you can be your best at RubinBrown today by visiting our Careers & Culture Overview for available opportunities and more.

Discover Our Culture

Join Our Mailing List

RubinBrown periodically sends breaking regulatory updates, technical summaries, industry-specific information and event (in-person and virtual) invitations through electronic newsletters.

Sign Up for Our Communications
1-800-678-3134 Certified Public Accountants & Business Consultants

Ranked a Top 50 Accounting Firm by Inside Public Accounting

Firm News Disclaimers Privacy Policy Client Payment © 2025 RubinBrown LLP
RubinBrown Executive Recruiting RubinBrown Advisors RubinBrown Corporate Finance