Kratos Defense & Security Solutions, Inc. announced that Juniper Networks has awarded the company a second Cybersecurity Maturity Model Certification (CMMC) Advisory Services contract. Kratos will update their existing System Security Plan (SSP) to meet the CMMC Level 3, National Institute of Standards and Technology (NIST) SP 800-171 and DFARS clause 252.204-7012 compliance requirements using Juniper solutions. The CMMC is a unified security standard and a certification process developed by the U.S. Department of Defense (DoD) to protect the security of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within the Defense Industrial Base (DIB). The SSP captures the security requirements of a system, describes the implementation state of security controls within the system and identifies responsibilities and expected behaviors of all individuals who interact with the system. As such, it is a critical CMMC requirement. The SSP will include a mapping of security controls to NIST SP 800-171 and CMMC security controls. Also included in the award is a Plan of Action & Milestones (POA&M) that will include existing gaps, as identified during the previously completed CMMC Gap Assessment, performed by Kratos. Consisting of five maturity levels of security practices ranging from Basic to Advanced, CMMC will be phased into DoD RFPs by early 2021. A CMMC Third-Party Assessment Organization (C3PAO) will be required to conduct assessments on organizations seeking a CMMC level certification. Kratos was recently accredited as a C3PAO by the CMMC-Accreditation Body (AB).