Working with Cianbro
As a successful Department of Defense (DOD) prime contractor, Cianbro seeks opportunities to partner with other professionals whose skills and expertise align with ours. These partnerships are vital as we pursue DOD projects because they provide our mutual customers with a best-of-the-best experience.
To ensure we continue to deliver our customers excellent work, we have strengthened our cybersecurity standards. This ensures eligibility for defense section work, which impacts how we manage contracts that contain sensitive information. These changes will specifically apply to contracts with the United States Department of Defense (DOD).
These standards have been strengthened due to the Cybersecurity Maturity Model Certification (CMMC) framework, a program designed to ensure contractors implement project-appropriate cybersecurity measures. Currently, The Cianbro Companies are focused on the first two CMMC Levels. Level 1 requires basic safeguarding of Federal Contract Information (FCI), through self-assessment of compliance with seventeen Federal Acquisition Regulation (FAR) Clause 52.204-21 practices, e.g., access control, identification and authentication, and system protection. Level 2 builds upon Level 1 and focuses on the protection of controlled unclassified information (CUI) in alignment with 110 practices prescribed by NIST SP 800-171. Compliance with these practices is affirmed by Certified Third-Party Assessment Organization (C3PO) audit.
To achieve CMMC Level 2 compliance, we’ve built a secure environment called The Cianbro Companies Enclave (TCC Enclave), which you as a Cianbro Companies subcontractor would gain access to after signing both a data use and pre-bid agreement for the specific opportunity that you’re interested in partnering on.
We appreciate your interest in working together on federal projects and look forward to our future partnership. Please complete a Working with Cianbro form to get the process started.
Cybersecurity Maturity Model Certification
As a contractor looking at CMMC L1 opportunities, you’ll recognize that access to CMMC L1 files must be protected. We do so by providing you first with a high-level description of the project. If it sounds like something that you’re interested in pursuing, sign a pre-bid agreement confirming that you understand the security requirements for protecting the files. Once signed, we provide you with access to the project's files.
Similar to CMMC L1 projects, after reviewing the opportunity and deciding whether you are interested in the work, you will sign a pre-bid agreement. In addition, if you have not previously signed a data use agreement, we will ask you to sign one confirming that you understand the restrictions under which you will be granted access to our TCC Enclave. At this point, you will also name the point(s) of contact that you would like to manage access for your team members. Signing these agreements indicates that you will comply with DOD’s requirements to protect controlled unclassified information. Once signed, a member of our team will reach out to your designated point of contact and walk them through the steps for setting up team member access to the TCC Enclave.
