How OmniVista Consulting unlocked CMMC 2.0 Level 2 with effort to spare

OmniVista Consulting, LLC is a trusted provider of advanced AI, cloud cybersecurity, and enterprise IT solutions to the US federal government. Launched in 2015, the company works closely with the US Department of State, Department of Justice, Environmental Protection Agency, and other state/local institutions, delivering cutting-edge artificial intelligence capabilities, zero-trust security architectures, and cloud-native modernization services.

Key requirements
A compliance solution to guarantee CMMC 2.0 Level 2 certification, enforce security best practices for new tech, bring clarity and structure to data risks, and provide 360-degree visibility into controls, risks, documentation, evidence, and more

Sprinto solution
An automated compliance monitoring platform with integrated risk and asset management, capable of scaling with security requirements and consolidating compliance building blocks in one place, backed by a team of certified compliance experts

The Challenge: Implementing advanced security for federal AI and cybersecurity services

For OmniVista Consulting, meeting the cybersecurity standards necessary to compete for defense contracts was the impetus behind pursuing compliance with the CMMC 2.0 Level 2 framework.

Linda Ge, founder and CEO of OmniVista, elaborates: “Defense contracts require rigorous quality checks and internal controls. CMMC Level 2 signals strong cybersecurity practices. As we deploy AI solutions for federal agencies, we need frameworks that protect sensitive algorithmic models and training data from sophisticated threats.”

OmniVista’s advanced capabilities required enhanced security measures, including:

  • AI/ML model protection and secure development pipelines
  • Zero-trust architecture implementation for federal cloud environments
  • Advanced threat hunting using machine learning-enhanced platforms
  • Quantum-resistant cryptography preparation
  • Supply chain security for AI/ML software components

A traditional approach proved inadequate for AI governance requirements, algorithmic bias controls, and machine learning model security due to a lack of visibility and scalability.

The team needed a solution that could keep up with their growing AI practice and accommodate the unique compliance requirements of machine learning systems.

With Sprinto’s capabilities shining through in this category, OmniVista Consulting decided to pursue CMMC 2.0 Level 2 on the Sprinto platform.

I called up a few companies in our ecosystem before deciding on Sprinto, and the consensus was that Sprinto gives you the best value overall. Everything’s laid out including your evidence and things you need to fix, so I get to certification much faster.

The Solution: Effortless CMMC 2.0 Level 2 compliance powered by transparent risk management

OmniVista Consulting had already implemented the ISO 27001 standard using Sprinto before pursuing CMMC 2.0 Level 2, enabling the team to re-use some of those controls and documentation via Sprinto’s compliance crosswalks.

Next, the OmniVista team worked with Sprinto’s compliance experts and Intercert, a trusted assessor from Sprinto’s vetted auditor network, to conduct gap assessments and scoping analyses to segment assets handling Controlled Unclassified Information (CUI) and Federal Contract Information (FCI).

The three parties subsequently created an implementation plan from the findings of the gap assessments, and the OmniVista team set about closing these compliance gaps.

OmniVista’s security team went about configuring access controls, implementing guardrails to enhance system security, creating incident response plans, and updating their policies for CMMC compliance. The team also utilized Sprinto’s templates for their security documentation and to create a System Security Plan (SSP).

As OmniVista got closer to CMMC-readiness, they could monitor the status of the controls already set up using Sprinto’s consolidated dashboard, along with the evidence collected and the checks that still needed work. This afforded Linda and the OmniVista team the visibility they needed to build confidence and fast-track preparedness.

Sprinto’s risk management module played a significant role in bringing visibility into CUI risks and streamlining the compliance process.

Sprinto’s pre-built risk register connected with OmniVista’s IT infrastructure, automatically pulled and identified the risks that mattered, and assessed these risks by calculating risk scores based on industry benchmarks.

The team assigned owners to crucial risks, built approval and mitigation workflows, and tracked both current risks and historical records to see how risks evolved over time, which helped enhance accountability.

The platform additionally brought task management up to speed by sending real-time notifications to control and risk owners before controls went into the red.

“Everything’s centralized in a repository and clearly categorized–my VP of engineering knows where to go to manage infosec risks and I know where and how to manage risks I’ve assigned for myself, so there’s total transparency,” explains Linda.

With implementation completed after ten months of onboarding, the team leaned on Sprinto’s continuous control monitoring to maintain ongoing compliance with CMMC 2.0 Level 2 and save nearly 80% of manual effort typically spent tracking control health.

Almost a year after getting Sprinto onboard, OmniVista Consulting was set for their Level 2 CMMC assessment, which went through without exceptions in no small part due to the team’s prep work.

We had an up-to-date visual of our compliance mapping, the risk matrix showing all the key metrics we needed to monitor, transparent executive reporting and high-level summaries of all our policies. So by the time assessments came round, we had all the information we needed for a smooth audit.

The Results: Advanced AI and cybersecurity leadership, powered by all-in-one compliance management

Apart from helping the OmniVista team fast-track CMMC 2.0 Level 2 certification, Sprinto played a crucial role in unifying compliance management across the company and bringing evidence, controls, risks, assets, documentation, and vulnerabilities together in one place.

Sprinto’s automation, in particular, was a long-term benefit.

“Efficiency was the biggest win for us. Sprinto’s automated evidence collection actually lowered compliance costs–if we want to bring on a consultant now we don’t have to pay extra for documentation and evidence because it’s already automated. It’s cut down consultation fees by almost 60%,” says Linda.

Today, with CMMC 2.0 in the bag and every aspect of compliance managed confidently on Sprinto, OmniVista Consulting is gearing up to take on complex defense contracts and turn engagements into long-term partnerships.

From asset discovery and configuration management to security controls and documentation, Sprinto’s got everything. It’s an all-in-one solution, and automation is the cherry on top. Overall, I’m very happy with the platform.