CMMC is Short on C3PAOs, So Get Compliant Today
If you’re a Department of Defense contractor, you’ve had the Cybersecurity Maturity Model Certification (CMMC) on the brain for some time. In fact, 2021 was supposed to be the year to get your systems in line with CMMC before assessors came to audit them for compliance.
However, as of this blog, odds are that you haven’t been certified. In May 2021, the first company to become a certified assessor was the Defense Industrial Base Cybersecurity Assessment Center. Since then, only three other companies have been approved.
Yes, you read that right. Only four companies have been anointed Certified Third-Party Assessment Organizations (C3PAO) by the DoD this year to audit 300,000 suppliers. That brings the grand total to 100 assessors. For context, 5,000 CMMC assessors are needed to review that supplier base.
The pain point of this situation for SMBs, of course, could be costs. The price to adhere to the CMMC process may cause many suppliers to opt out as DoD suppliers as the margins simply aren’t profitable enough to continue serving this sector.
This means the DoD is using the CMMC process to push good cyber hygiene into the ecosystems of the private sector, including educational institutions. Considering President Biden’s executive order regarding cybersecurity earlier this year and the chaos caused by the Colonial Pipeline ransomware attack, the feds appear to be serious about keeping cybersecurity a top priority – even with provisional approval of its auditors.
Long story short, it’s a good time to review your CMMC compliance with an independent auditor before the federal government reviews your system. 2W Tech is an excellent partner choice for this process. 2W Tech has a Cybersecurity Compliance Program that is designed to support our clients’ compliance obligations. Most organizations must abide by and maintain a standard for controls – including CMMC – that safeguard the confidentiality and privacy of information stored and processed. We work hand in hand with you to learn more about your compliance requirements, help obtain proper agreements, and access relevant system architecture information. Give us a call today to get started on your journey to achieving compliance.