CMMC

It has been quoted by the Department of Defence (DoD) that cybercrime cost the economy $600 billion in 2016. Amongst the economic costs to the economy, there are also opportunity costs that come in the form of threats to national security. These factors, amongst other things, spawned the creation of the Cybersecurity Maturity Model Certification (CMMC). In this article, we will be exploring the CMMC Level 1 controls.

In 2019 the Department of Defense (DoD)—in conjunction with John Hopkins University Applied Physics Laboratory (APL) and the Carnegie Mellon University Software Engineering Institute (SEI)—began a review of the various cybersecurity standards.

Their mission: to forge the various practices into a single unified cybersecurity standard in order to secure the DoD supply chain.

Its name: the Cybersecurity Maturity Model Certification (CMMC)

Although the novel cybersecurity framework is still in the process of being built out, it’s estimated that a selected group of DoD contractors will undergo audits as soon as the year’s end.

Cybersecurity Maturity Model Certification (CMMC) costs can be expensive. However, if your business has a contract with the Department of Defense (DoD), certification is a must. This applies to Prime and subcontractors of both large and small companies.

Technological theft, espionage, “a threat to national security” – terms that are becoming all too familiar to the Department of Defence (DoD). In recent years with the increasing turbulence of cyberattacks, the DoD has been looking toward a more stringent compliance framework to quell the fires of cyberattacks along the Defence Industry Base (DIB) supply chain.

Enter the Cybersecurity Maturity Model Certification (CMMC).

For contractors that engage with the DoD, the CMMC is the new standard to abide by. In this article, we will discuss the Do’s and Don’ts of CMMC, but first a brief introduction to the model.

Cybersecurity is a crucial concern for every business in the world. No matter the kind or size of organization, it’s always imperative to safeguard against cybercrime to prevent loss of sensitive information and other related risks, such as theft and extortion. The threats posed by hackers and other bad actors are even more significant when it comes to matters of national security.

The United States Department of Defense (DoD) requires the utmost protection for all of its assets and procedures. As the department directly responsible for national security and the wellbeing of all American citizens, threats of cybersecurity targeting DoD are uniquely potent. 

With the Department of Defense (DoD) moving away from self-certification models, industries now have new issues facing them if they choose to continue supplying the Defense Industry Base (DIB). The Cybersecurity Maturity Model Certification (CMMC), is now a requirement for all DoD contractors. 

Sensitive data and information correlated to the U.S. Department of Defense (DoD) actions are hacked and compromised on a continuous basis and it is a problem for every DoD contractor. The U.S.federal government has put in place a severe and critical update to its cybersecurity model. The latest Cybersecurity Maturity Model Certification (CMMC) puts a huge and necessary focus on data within DoD contractors, subcontractors and supply chain organizations’ networks.

New changes have been made to the cybersecurity requirements DoD (Department of Defense) contractors need to meet for compliance. Version one of the CMMC (Cyber Maturity Model Certification) model was released in January 2020 and all DoD contractors must be certified before they can bid on a government project.

Cybersecurity Maturity Model Certification (CMMC) is the new framework for protecting Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). It applies to all companies who are either contractors or subcontractors with the Department of Defense (DoD). It is estimated that there are around 300,000 companies who do business within the Defense Industrial Base (DIB) who will need to comply with the new regulations.

Though the CMMC Advisory Board has been formed, they have yet to train any Third-Party Assessment Organizations to certify anyone, so certification is not yet possible. But, as we will see, you can do a lot to get your proverbial ducks in a row right now. In fact, it will greatly benefit your organization when it comes time to seek certification to start working toward your desired Level of compliance because it is going to be a mammoth undertaking for those who have been fast and loose with documentation and controls for a while.