Capture2Proposal will maintain a CMMC compliance assertion by an independent licensed third-party assessment organization to give our customers the confidence that we have implemented robust cybersecurity to protect their data. We can provide the documentation you need to prove that our system complies with the necessary guidelines when you need to list your tools for your own security audits.
You can be assured that:
- Capture2Proposal, as a SaaS vendor, meets the government standards for certified security credentials and capabilities,
- Capture2Proposal’s security policies and control are consistent with government standards for SaaS applications,
- Capture2Proposal, as a third-party provider, protects their Controlled Unclassified Information (CUI) to accepted industry standards and is a trusted, secure partner in achieving their business goals.
Capture2Proposal is the only BD/Capture/Proposal Management solution that fully meets – as proven by independent attestation – those security controls and current CMMC compliance guidance.
Beyond Compliance – a Competitive Advantage
CMMC compliance will eventually be essential for GovCons working with the DoD as the DoD roles out the requirement over the next several years, but there are compelling reasons for every GovCon to be compliant with NIST SP 800-171, and therefore DFARS 7012, as soon as possible:
- It’s a good, enduring practice
- It sets them up for future CMMC compliance certification, as it evolves, to be evaluated by a C3PAO
- It avoids Prime or Sub data management risks during Capture and Proposal Development, Post-Submission and Post-Award.
- It ensures the proposal will meet Section L/M requirements and evaluation factors in the future – and will be a differentiator and strength for your firm at this time.
- It increases your PWin (Probability of Win)
Why is CMMC Compliance Necessary for your BD & Proposal Management?
Data managed by your business development, capture, and proposal management system(s) can be subject to CMMC, whether due to ‘marking’ by the government, by the prime contractor, or information created by your own team that is FCI or CUI. Federal Contract Information (FCI) is typically associated with Level 1 of CMMC, while CUI is associated with CMMC Level 3.
Cybersecurity advisory firm Summit 7 who has helped more than 400 government contractors meet DFARS 7012, and CMMC, commented:
“FCI data and content can be found in the vast majority of proposal submissions and the systems that contain those capture efforts. In fact, CMMC provides an example in the appendix for Access Control (AC) 1.003 where a business development and proposal team is creating an RFP/RFI/RFQ response to the DoD. And where there’s FCI, there’s likely CUI, and where there’s CUI – you will need to meet Level 3. It also doesn’t make sense to have part of your infrastructure secure, and the other systems configured to Level 1 or less.”