CMMC is a unified standard implemented by the DoD to regulate cybersecurity measures of contractors.
The Cybersecurity Maturity Model Certification 2.0 (CMMC) is a major Department of Defense (DoD) program built to protect the defense industrial base (DIB) from increasingly frequent and complex cyber-attacks.
It aims to protect:
- Controlled Unclassified Information (CUI): unclassified but potentially sensitive information that requires safeguarding or dissemination controls.
- Federal Contract Information (FCI): information provided by or generated for the Government under contract and not intended for public release.
CMMC builds on existing trust-based regulations (DFARS 252.204-7012) by adding a verification component for cybersecurity requirements.
The CMMC program is designed to protect sensitive but unclassified information by enhancing the cybersecurity standards and assessment requirements that the Department of Defense (DoD) sets for companies across the Defense Industrial Base (DIB).
Concerns Associated with CMMC Compliance
All businesses working for the DoD at any point along the supply chain are required to comply. Key points to keep in mind:
- Each tier of the certification is a prerequisite for passing the following tier.
- CMMC compliance will be required of all DoD contractors by 2026.
- Failure to comply with the required Systems Security Plan (SSP) and Plan of Action and Milestones (POA&M) could result in contract performance issues and/or breach of contract.
BizCom Global is one of a limited number of CMMC-AB RPOs with several RPs on staff.
Where is your company on the CMMC compliance path right now? We can help you develop and implement best practices and controls, identify and remediate any gaps, and demonstrate good cyber hygiene.