CMMC – Cybersecurity Maturity Model Certification

What is CMMC

CMMC stands for “Cybersecurity Maturity Model Certification”. Per the latest version of the CMMC model, v1.02, the maturity level of an organization is assessed on a scale from “Basic Cybersecurity Hygiene” to “Advanced/Progressive”. The intent is to incorporate CMMC into the Defense Federal Acquisition Regulation Supplement (DFARS) and use it as a requirement for contract award, as published on https://www.acq.osd.mil/cmmc/updates.html.

Why get CMMC

Currently, NIST 800-171 Rev 2: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations is used for compliance with CUI requirements. The requirements apply to all nonfederal systems and organizations that process, store, and/or transmit CUI, or that provide protection for such components. Because this standard is not audited, DoD has planned a migration to CMMC in order to improve the cybersecurity posture of its defense vendors, or Defense Industrial Base. All DoD vendors, who number approximately over 300,000, will need to migrate to CMMC by 2025. CMMC has 5 levels, and the draft lists the practices and processes that are to be achieved at each level. CMMC levels 1-3 require meeting all 110 controls specified in NIST 800-171.

Benefits of CMMC

  • Prevent the loss of CUI from vendors, which is a risk to national security.
  • Continue business as a vendor to DoD and be part of the Defense Industrial Base.
  • Systematically aligned and enhanced cybersecurity framework.
  • Ability to win more contracts and better CPAs.
  • Enhance customer satisfaction and the process for continual improvement.