The first official version of the DoD’s CMMC has been published – do you know what’s included, and what it means for your organization?
The first official version of the Cybersecurity Maturity Model Certification (CMMC) was released by the Department of Defense (DoD) Office of the Undersecretary of Defense Acquisition and Sustainment [OUSD(A&S)] earlier this year, and it’s already had an effect on the industry.
These new requirements are part of an ongoing effort to provide more accurate and more effective insight into modern cybersecurity best practices for organizations involved with DoD operations.
CMMC is the DoD’s way of certifying its contractors’ abilities to protect the Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) shared within the supply chain.
This builds upon the requirements set out by the Defense Federal Acquisition Regulation Supplement (DFARS), the Code of Federal Regulations (CFR) and National Institute of Standards and Technology (NIST) guidelines (namely, 800-171 of the latter).
The DoD relies on external contractors and suppliers like you to carry out a wide range of tasks. Sensitive data that is shared with you must be protected. The fact is that inadequate safeguards for this sensitive data may threaten America’s national security and put our military members at risk.
The DoD has implemented a basic set of cybersecurity controls through DoD policies and the DFARS. The DFARS rules and clauses apply to the safeguarding of contractor/supplier information systems that process, store or transmit Controlled Unclassified Information (CUI). These security controls must be implemented at both the contractor and subcontractor levels based on information security guidance developed by the National Institute of Standards and Technology (NIST) in Special Publication 800-171, “Protecting Controlled Unclassified Information in Non-federal Information Systems and Organizations.”
As a U.S. DoD contractor who collects, stores, or transmits Covered Defense Information (CDI) or Controlled Unclassified Information (CUI), you must comply with NIST regulation 800-171 and DFARS 252.204-7012. Your subcontractors must comply as well and be able to maintain compliance. If you don’t, you can’t bid on DoD contracts, and you may lose the ones you have. The CMMC is the DoD’s way of giving contractors like you a method for verifying that the appropriate measures have been put in place.
Don’t drop out of the defense contracting sector just because it’s become more difficult to stay compliant. Our team is available to help you analyse your current compliance, and improve it to meet new standards set by the CMMC. Doing so will make your business more secure, effective, and competitive in the market.
Becoming CMMC compliant with our expert assistance is easy: