CMMC Assessments May Resume in January
The long-awaited time of reckoning with the Cybersecurity Maturity Model Certification (CMMC) program is on its way early in 2022…or is it? After some stumbles throughout 2021, including the announcement of a CMMC 2.0 before 1.0 ever took effect, there has been chatter about assessments for CMMC beginning as soon as late January. But, once again, the Department of Defense (DoD) will let all of us know for certain.
Officials from the CMMC Accreditation Body, the governing organization responsible for implementing the CMMC program, said that by the end of January, assessments performed by the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) could resume for the organizations that will be tasked with evaluating defense companies’ cybersecurity posture.
The procedure for certified third-party assessment organizations (C3PAOs) should resume by the end of January, but the DoD has the final say on the timeline.
Organizations that were already in process when DoD paused implementation to restructure the program after a series of reviews have had their assessments rescheduled, and new ones are being added to the queue. Also, the DIBCAC process is being updated to reflect the changes made to the CMMC program.
Once C3PAOs complete the program, they can begin conducting assessments on defense companies. Those assessments, however, would be completely voluntary as the CMMC program goes through the rulemaking process – a process that could take up to two years. The timing also will be affected by when the administrative tasks are complete, such as preparing the IT systems that assessment organizations will use to upload the assessment data and updating documentation to incorporate program changes.
Make a New Year’s resolution to review your CMMC compliance with an independent auditor before the federal government reviews your system. 2W Tech is an excellent partner for this process. 2W Tech has a Cybersecurity Compliance Program that is designed to support our clients’ compliance obligations. Most organizations must abide by and maintain a standard of controls – including CMMC – that safeguard the confidentiality and privacy of information stored and processed. We work hand in hand with you to learn more about your required compliances, help obtain proper agreements, and access relevant system architecture information. Give us a call today to get started on your journey to achieving compliance.