CMMC

The United States Department of Defense (DoD) requires the utmost protection for all of its assets and procedures. As the department directly responsible for national security and the wellbeing of all American citizens, threats of cybersecurity targeting DoD are uniquely potent. 

With the Department of Defense (DoD) moving away from self-certification models, industries now have new issues facing them if they choose to continue supplying the Defense Industry Base (DIB). The Cybersecurity Maturity Model Certification (CMMC), is now a requirement for all DoD contractors. 

Sensitive data and information correlated to the U.S. Department of Defense (DoD) actions are hacked and compromised on a continuous basis and it is a problem for every DoD contractor. The U.S.federal government has put in place a severe and critical update to its cybersecurity model. The latest Cybersecurity Maturity Model Certification (CMMC) puts a huge and necessary focus on data within DoD contractors, subcontractors and supply chain organizations’ networks.

New changes have been made to the cybersecurity requirements DoD (Department of Defense) contractors need to meet for compliance. Version one of the CMMC (Cyber Maturity Model Certification) model was released in January 2020 and all DoD contractors must be certified before they can bid on a government project.

Cybersecurity Maturity Model Certification (CMMC) is the new framework for protecting Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). It applies to all companies who are either contractors or subcontractors with the Department of Defense (DoD). It is estimated that there are around 300,000 companies who do business within the Defense Industrial Base (DIB) who will need to comply with the new regulations.

Though the CMMC Advisory Board has been formed, they have yet to train any Third-Party Assessment Organizations to certify anyone, so certification is not yet possible. But, as we will see, you can do a lot to get your proverbial ducks in a row right now. In fact, it will greatly benefit your organization when it comes time to seek certification to start working toward your desired Level of compliance because it is going to be a mammoth undertaking for those who have been fast and loose with documentation and controls for a while.

Cybersecurity Maturity Model Certification (CMMC) is an assessment model designed by the DoD (Department of Defense) to protect sensitive unclassified information. CMMC looks at several security standards used by the military and its defense contractors. Originally passed in 2018, CMMC has been revised several times but its main framework remains the same.

In 2020, DoD (Department of Defense) contractors will be required to have adequate cybersecurity protocols in place. This is in response to several security breaches that have occurred in recent years. One of the most notable was the October 4th, 2018 breach that affected over 30,00 civilian and military contractors.

The new Cybersecurity Maturity Model Certification (CMMC) is meant to simplify the process of compliance for all companies who work with Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) along the Department of Defense (DoD) supply chain. An explanation of what is considered CUI is in the Organization Index Grouping of Defense that can be found here. Draft v0.7 has been released, and the final draft, v1.0, is slated for release in January 2020. It is recommended that companies review v0.7 to begin to prepare for compliance dependent on the level of DoD CMMC certification that will be required for them to be able to bid projects.