
How to achieve CMMC levels 1 through 5

Introduction: Where the DoD stands on cybersecurity certification

The Department of Defense (DoD) created the Cybersecurity Maturity Model Certification (CMMC) in an effort to secure the Defense Industrial Base (DIB). The program responds to the growing concern that DoD subcontractors cannot always adequately meet the required cybersecurity standards and best practices for managing sensitive data, making them the weakest link in the DoD cybersecurity chain.

The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD (A&S)) introduced the CMMC to help suppliers enhance their cybersecurity protections. The goal is to ensure that every defense contractor in the supply chain adheres to a unified set of standards before it is eligible to work under a US government contract to develop or deliver a product or service.

Complying with the DoD’s CMMC

CMMC, which is built on other cybersecurity standards (specifically NIST 800-171 and DFARS clause 252.204-7012), is designed to assess the maturity of an organization’s security practices. Contractors are assigned a maturity level based on the state of their cybersecurity program and the security controls in place: Level 1 is the lowest rating and Level 5 is the highest.

All companies doing business with the DoD must be CMMC-certified, whether or not they handle CUI (Controlled Unclassified Information). In the past, companies could self-certify their status and enter a contract with a promise to work towards compliance. Now, businesses of all sizes are audited by an independent non-profit third party, which assigns them a cybersecurity “maturity” level from 1 to 5 before they are placed under contract.

With the rollout of CMMC, all 300,000 DoD contractors will need to obtain external assessments of cybersecurity compliance. These will be (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Daniel Brecht. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/gm4q_kawYyQ/