What is the Cybersecurity Maturity Model Certification (CMMC)?
ITAR is the US regulatory regime that restricts and controls the export of defense- and military-related technologies to safeguard U.S. national security and further U.S. foreign policy objectives. When ITAR was rolled out, adherence to its guidelines became a matter of self-attestation. This means companies can state they have put controls in place without involving a third party or having to prove the controls actually meet the standard.
The Cybersecurity Maturity Model Certification (CMMC) is the next stage in the Department of Defense’s (DoD) efforts to properly secure the Defense Industrial Base (DIB). The DoD announced that it is creating a cybersecurity assessment model and certification program. This announcement signals to the industry that simply stating you are compliant is no longer an option. Actions speak louder than words.
Contractors will now be evaluated on their implementation of actual technical controls, in addition to their documentation and policies. These evaluations will lead to a certification level of 1 to 5, with 5 being the most secure. The higher the level your company certifies at, the more contracts you will be eligible to bid on. The CMMC level requirement will flow down to all subcontractors. The DoD also states that all future RFPs will require a CMMC level, regardless of whether the contractor handles Controlled Unclassified Information (CUI).
The DoD will begin development of the certifier accreditation program by January 2020 and start the accreditation process by June 2020. The first accreditations are therefore likely in the latter half of 2020, with contractor evaluations starting shortly after that.
If you sell or are going to sell to the government, this affects you. There are many steps your business can take today to prepare for CMMC. You don’t need to go it alone. Give 2W Tech a call today and let us help your business prepare for the Cybersecurity Maturity Model Certification and provide audit support. 2W Tech is a full-service IT consulting firm with a proven track record in our Cybersecurity Compliance Program.