The Cybersecurity Maturity Model Certification (CMMC) is a unified standard implemented by the U.S. The CMMC program is designed to protect sensitive but unclassified information by enhancing the cybersecurity standards and assessment requirements set by the Department of Defense (DoD) for companies across the Defense Industrial Base (DIB).
DoD is concerned with safeguarding and protecting the following two classes of information:
- Safeguarding Federal Contract Information (FCI): Information provided by or generated for the Government under contract not intended for public release.
- Protecting Controlled Unclassified Information (CUI): Unclassified but potentially sensitive information that requires safeguarding or dissemination controls.
CMMC and the related NIST 800-171 are cybersecurity frameworks through which that protection is achieved and validated. Current DoD contractors already need to meet DFARS 252.204-7012 and NIST SP 800-171! Failure to do so can result in fines, disbarment, and lawsuits under the Federal False Claims Act.
The CMMC is the DoD’s response to significant compromises of sensitive information located on contractors’ information systems. DIB contractors are now required to implement and continuously maintain a series of strict cybersecurity guidelines demonstrating good cyber hygiene, adaptability against malicious cyber threats and proper data protection strategies.
Concerns Associated With CMMC Compliance
- All businesses working for the DoD along any point of the supply chain are required to comply.
- Minimum certification requirements demonstrating alignment with NIST SP 800-171 standards go into effect November 30th, 2020.
- Each tier of the certification is a prerequisite for passing the following tier.
- CMMC compliance will be required of all contractors of the DoD by 2026.
- Failure to comply with the required Systems Security Plan (SSP) and Plan of Action and Milestones (POA&M) could result in contract performance issues and/or breach of contract.
BizCom Global is one of a limited number of CMMC-AB RPOs with several RPs on staff.
- Where is your company on the CMMC and NIST 800-171 compliance path right now? We can help you develop and implement best practices and controls, identify and remediate any gaps, and demonstrate good cyber hygiene by fully implementing NIST 800-171.