Now is a good time to start preparing for new certification standards for defence contractors.
The federal government will require a new certification standard for government contracts in 2025.
The Department of Defense has established a “Cybersecurity Maturity Model Certification” (CMMC), which makes significant changes from the current system.
The standard has five levels of rating, with requirements that firms set up protection and security protocols for Controlled Unclassified Information, Federal Contract Information, and other data, networks and systems within the Defense Industrial Base.
Outside audit required
One of the biggest changes: Companies can no longer “self-report” that they have met standards.
Now they will not be considered compliant with the standards until they pass an audit conducted by a certified third-party assessment organization.
The resulting assessment will assign a CMMC Maturity Level (1 – 5). This will depend on the company’s competency and security in various areas. One smart move: Find an expert to help you determine which level your company wants to reach. Then assess your needs and hold a “dress rehearsal” before the outside auditor visits.