What is the Cybersecurity Maturity Model Certification (CMMC)?
THE CYBERSECURITY MATURITY MODEL CERTIFICATION (CMMC) IS THE NEW CERTIFICATION PROCEDURE PUT IN PLACE BY THE DEPARTMENT OF DEFENSE (DOD) IN AN EFFORT TO PROPERLY SECURE THE DEFENSE INDUSTRIAL BASE (DIB). THIS CERTIFICATION VERIFIES THAT CONTRACTORS HAVE ADEQUATE CYBERSECURITY CONTROLS AND POLICIES IN PLACE TO MEET THE SECURITY STANDARDS OF THE MILITARY. THE DOD IS UNDERGOING AN INDUSTRY-WIDE CULTURAL SHIFT WITH SIGNIFICANT IMPACT AND ELEVATED PENALTIES FOR NON-COMPLIANCE. PENALTIES COULD INCLUDE THE LOSS OF DOD BUSINESS, PERSONAL AND CORPORATE LIABILITY, AND NEGATIVE CORPORATE BRAND IMPACT.
EVERY DOD CONTRACT THAT GOES OUT FOR PROPOSAL WILL HAVE A CMMC PRE-QUALIFICATION REQUIREMENT AND EVERY VENDOR ON THAT CONTRACT MUST HAVE A CMMC CERTIFICATION.
CMMC Certification Levels
The CMMC incorporates a variety of security controls from some of the other existing frameworks and standards. The CMMC has five cumulative maturity levels ranging from basic cyber hygiene to advanced security operations.
The levels are cumulative so compliance with a higher level requires meeting all of the previous lower level security and technical specifications.
Key Steps for Getting Ready for a CMMC Audit
The CMMC has launched as one of the most stringent cybersecurity standards ever developed, which is why it took months to develop. With 171 controls spread across 17 categories, CMMC is undoubtedly more comprehensive and arguably more thorough than any similar framework.
Regardless of what DoD information your organization will hold, transmit, or process, you’ll need to achieve the CMMC certification level listed in your contract. In fact, you can’t even bid on a DOD project unless you are CMMC certified and can provide proof.
To get started on the path to compliance, DIB companies need to determine if they are handling CUI. Once they determine where they currently are and what type of information they are handling, they should conduct a gap analysis and create a plan of action with milestones for how to get to where they need to be.
“The United States’ strategic competitors and adversaries are conducting cyber-enabled campaigns to erode U.S. military advantages, threaten our infrastructure, and reduce our economic prosperity. This constitutes one of our most critical national security concerns.”
Department of Defense
To take the first step in finding out more about how 2W Tech can help your organization align its security strategy and processes with CMMC, please complete the form below.
2W Technologies’ Help Desk is a great way to tap into the expertise that you need. Whether you need help with your Epicor ERP system or any networking solution, we are here to help.
Monday-Friday, 7:30 a.m. – 5:00 p.m. (Central time)
Reach us by telephone: 312.533.4033 ext 1.
Or fill out the help desk form below: