Read our new eBook to learn how the new DoD Cybersecurity Maturity Model Certification (CMMC) requirement impacts DoD contractors.
The road to CMMC compliance may seem long and difficult, but this guide makes it much less daunting by explaining each and every step contractors need to take in order to prepare for it, achieve it, and maintain it.
eBook Topics Include:
- What is CMMC?
- What are the CMMC Certification Levels?
- What is the difference between FCI and CUI?
- What is the difference between 800-171 and CMMC?
- What do contractors need to know about FAR and DFARS?
- CMMC Accreditation Body and Ecosystem
- How to prepare for a CMMC audit?
- What does a CMMC audit involve?
- How to ensure ongoing compliance?
In this eBook you will learn the following about CMMC:
- CMMC overview
- Who CMMC applies to and requirements
- How it impacts defense contractors
- CMMC audit preparation and process
- Certification process and ongoing compliance
“The new CMMC framework is taking the defense industry by storm and there is a lot of confusion about what it involves and who it applies to. Our goal is to try to simplify all of the information on CMMC into a clear and consolidated guide for DoD contractors.”
Excerpt From CMMC eBook
The Cybersecurity Maturity Model Certification is a new requirement for DoD contractors and subcontractors. It brings together a number of older cybersecurity requirements to better protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).
“…all DoD contractors should expect to start seeing CMMC requirements as part of the RFP process from September 2020.”
There are two major differences between the CMMC and older cybersecurity requirements:
- First, contractors will be audited by third-party assessors (the so-called Certified 3rd Party Assessment Organizations, or C3PAOs for short). Based on the requested audit level, the C3PAO will determine whether the contractor passes or fails the audit. In other words, the CMMC will not contain any self-attestation component, although contractors are encouraged to complete a self-assessment prior to scheduling a CMMC certification.
- Second, the CMMC defines five certification levels as a more flexible alternative to previous one-size-fits-all approaches. It’s up to contractors to pass an audit at the level specified in Requests for Information (RFIs) and Requests for Proposals (RFPs).
Without cybersecurity policies outlining how to keep threats at bay and clearly stating what needs to be done when they do occur, small and medium-sized organizations are at a huge disadvantage in today’s world, where costly breaches and cyber-attacks are the new normal.
The first full version of the CMMC was published on the website of the Office of the Under Secretary of Defense for Acquisition & Sustainment in January 2020, and all DoD contractors should expect to start seeing CMMC requirements as part of the RFP process from September 2020.
Eventually, all DoD contractors and subcontractors that handle FCI and CUI will be required to obtain a CMMC certificate. Only contractors that provide commercial-off-the-shelf products and don’t handle any CUI won’t be required to achieve one of the five levels of certification.