Cybersecurity Maturity Model Certification (CMMC)
Are you a government contractor who has decided to sell to, or is already selling to, the Department of Defense? If so, it’s critical to understand and comply with the mandatory Cybersecurity Maturity Model Certification (CMMC) to be a successful government contractor.
According to the Office of the Under Secretary of Defense for Acquisition & Sustainment, CMMC is a unified cybersecurity standard for future Department of Defense (DoD) acquisitions. Contractors doing work or pursuing work with the DoD must meet certain cybersecurity requirements before they can be awarded a contract.
The CMMC is made up of five levels designed to help bolster security and safeguard sensitive data housed in the supply chain for organizations doing business with the federal government.
Based on the type and sensitivity of information needing protection and threats posed, the DoD has scaled processes and practices ranging from Level 1 (Basic Cybersecurity Hygiene) to Level 5 (Advanced/Progressive). The levels can be characterized as follows:
- Level 1 – Basic Cyber Hygiene (most companies will certify to this level)
- Level 2 – Intermediate Cyber Hygiene
- Level 3 – Good Cyber Hygiene
- Level 4 – Proactive
- Level 5 – Advanced/Progressive
The DoD delivered CMMC standards to a non-profit governing organization, the Accreditation Body (AB). The AB will certify third-party inspectors who will then certify companies against the CMMC levels listed above. By 2025, all DoD suppliers are required to have CMMC Certification. Now is the time to start planning your certification, as other agencies may adopt the same standards.
If you are interested in pursuing work with the Department of Defense, it’s important to educate yourself and ensure your company is compliant with the necessary CMMC requirements. Below, we’ve compiled a list of reputable resources for you to use and learn from as you pursue Cybersecurity Maturity Model Certification. If you have any questions about CMMC and what it means for your company, please contact us.
- The Office of the Under Secretary of Defense for Acquisition & Sustainment Website. Provides in-depth information on the CMMC Model updates and has answers to frequently asked questions.
- The CMMC Accreditation Body. Provides information for organizations seeking certifications and organizations looking to become a C3PAO.
- The National Defense Industrial Association (NDIA). NDIA members have access to webinars that provide updates on CMMC. The NDIA website also offers a variety of resources on CMMC.