If your company currently works closely with the Department of Defense (DoD) or plans to begin a lucrative partnership with the military, you will soon need to acquaint yourself with a managed security service provider (MSSP) that’s been vetted by the Cybersecurity Maturity Model Certification Accreditation Body (CMMC AB). There are many such organizations and many different kinds you’ll find on the CMMC AB Marketplace.
If your organization currently works as a contractor with the Department of Defense (DoD), compliance is likely a critical component of your contract. Current Defense Federal Acquisition Register Supplement (DFARS) requirements include adherence to the National Institute of Standards and Technology (NIST) Special Publication 800-171 (SP 800-171). However, your next contract will likely require CMMC implementation.
The Cybersecurity Maturity Model Certification (CMMC) is right around the corner.
By 2025 all Department of Defense (DOD) contractors will be required to have CMMC, and you will need a certified third-party assessment organization (C3PAO) to grant certification.
Working with the US Department of Defense (DoD) is an attractive opportunity for contractors in various industries. There is honor in working with the largest, most powerful military, and achieving “preferred contractor” status can also be lucrative. That said, it’s not easy to achieve this status. You’ll need to be compliant with regulatory frameworks and keep abreast of every update published by the DoD, such as the most recent one on how to safeguard CUI or controlled unclassified information.
A CMMC gap assessment is a necessary procedure to measure an organization’s compliance when it comes to the NIST 800-171, a document covering the protection of controlled unclassified information in non-federal systems and organizations.
The effectiveness of your existing controls relating to NIST 800-171 will come under scrutiny. If your company fails to comply with government rules and regulations, the ramifications to your organization can be grave.
Working as a contractor with the US Department of Defense (DoD) can provide lucrative short- and long-term opportunities for partnering companies. But it also requires strict adherence to multiple cybersecurity frameworks. The most recent of these, which has an ongoing roll-out, is the new Cybersecurity Model Maturity Certification (CMMC) framework. This framework is presided over by the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD-A&S).