CMMC

Cybersecurity Maturity Model Certification (CMMC) is the new framework for protecting Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). It applies to all companies who are either contractors or subcontractors with the Department of Defense (DoD). It is estimated that there are around 300,000 companies who do business within the Defense Industrial Base (DIB) who will need to comply with the new regulations.

Though the CMMC Advisory Board has been formed, they have yet to train any Third-Party Assessment Organizations to certify anyone, so certification is not yet possible. But, as we will see, you can do a lot to get your proverbial ducks in a row right now. In fact, it will greatly benefit your organization when it comes time to seek certification to start working toward your desired Level of compliance because it is going to be a mammoth undertaking for those who have been fast and loose with documentation and controls for a while.

Cybersecurity Maturity Model Certification (CMMC) is an assessment model designed by the DoD (Department of Defense) to protect sensitive unclassified information. CMMC looks at several security standards used by the military and its defense contractors. Originally passed in 2018, CMMC has been revised several times but its main framework remains the same.

In 2020, DoD (Department of Defense) contractors will be required to have adequate cybersecurity protocols in place. This is in response to several security breaches that have occurred in recent years. One of the most notable was the October 4th, 2018 breach that affected over 30,00 civilian and military contractors.

The new Cybersecurity Maturity Model Certification (CMMC) is meant to simplify the process of compliance for all companies who work with Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) along the Department of Defense (DoD) supply chain. An explanation of what is considered CUI is in the Organization Index Grouping of Defense that can be found here. Draft v0.7 has been released, and the final draft, v1.0, is slated for release in January 2020. It is recommended that companies review v0.7 to begin to prepare for compliance dependent on the level of DoD CMMC certification that will be required for them to be able to bid projects.