CMMC is Coming in 2021
The Cybersecurity Maturity Model Certification (CMMC) is expected to roll out during the first half of 2021. Like any new certification model, it can be daunting to determine what new requirements your organization needs to follow. However, if you’re a contractor that conducts business with the Department of Defense, the time to act is now.
Basically, the CMMC combines and replaces existing compliance standards like NIST SP 800-171, 48 CFR 52.204-21, DFARS clause 252.204-7012 while expanding security and reporting standards.
While there is a lot for contractors to wrap their minds around, there are two main points to consider this year when it comes to CMMC – starting in the spring of 2021, the Department of Defense will begin the staggered rollout, requiring CMMC compliance for RFIs and RFPs. By 2026 bidding on any DoD contract will require CMMC compliance.
Also, you are no longer allowed to self-report. To be certified as compliant, contractors must pass an audit by a certified third-party assessment organization (C3PAO). Presently, there are no qualified assessors, but the training for the initial group of assessors began in September of last year.
In other words, there’s no time like the present to start implement CMMC, then find a C3PAO to certify you as compliant as soon as the qualified assessors have been trained.
There is no need to tackle CMMC compliance on your own. Partner with 2W Tech to keep you in compliance. Contact us today to get started with your Cybersecurity Compliance Program and let our IT consultants do the work for you.