The Department of Defense is implementing the Cybersecurity Maturity Model Certification (CMMC) to regulate cybersecurity preparedness across the federal government’s defense industrial base (DIB). Below, we will review the CMMC certification, the DIB, CMMC levels, and how Cyber Advisors is available to prepare you for this critical certification.
Cyber Advisors is an approved Registered Provider Organization (RPO). The RPOs and RPs in the CMMC ecosystem provide advice, consulting, and recommendations to help clients navigate the CMMC. Cyber Advisors helps prepare its customers for CMMC readiness but does not conduct Certified CMMC assessments itself. Please find our profile below: https://cmmcab.org/marketplace/cyber-advisors-inc/
What is the Cybersecurity Maturity Model Certification (CMMC)?
The Cybersecurity Maturity Model Certification is a program originated by the Department of Defense (DoD) to measure its defense contractors’ capabilities, readiness, and sophistication in the area of cybersecurity. The framework is a collection of processes, other frameworks, and inputs from existing cybersecurity standards such as NIST, FAR, and DFARS.
At its core, the ultimate goal of the certification is to improve the security of Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) that is in the possession and use of the DoD's federal contractors. The CMMC program was announced on January 31, 2020.
When Will It Take Effect?
It is expected that CMMC will be a requirement of all new DoD requests for proposals beginning in 2026. It is already a requirement for a limited number of contracts in 2021.
Who Needs The CMMC?
The certification applies to contractors who engage directly with the DoD and to their subcontractors. There are over 300,000 companies in the Defense Industrial Base (DIB), with over $400B in annual spend. Some contract opportunities will require low-level certifications, and some will require higher ones.
Why Does CMMC Matter?
It is estimated that cybercrime drains $600 billion annually from the global GDP. Because the Department of Defense relies on a large network of contractors to perform its mission, it entrusts each one of them with critical data, which systematically increases the overall risk.
The DoD has released CMMC to accelerate the adoption of best practices in cybersecurity with a “defense in depth” strategy across its entire global contractor base. The progressive model covers advancing levels of cybersecurity processes and practices, resulting in a certification level. Contractors must start at level 1 and certify at each level all the way to the top, level 5.
The CMMC Framework and 5 Levels
The Cybersecurity Maturity Model Certification is based on an ascending level of preparedness from level 1 (lowest) to level 5 (advanced).
CMMC exists to ensure the protection of two types of information from disclosure or unauthorized use:
- Controlled Unclassified Information (CUI): Information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act.
- Federal Contract Information (FCI): Information, not intended for public release, that is provided by or generated for the government under a contract to develop or deliver a product or service to the government.
Cyber Advisors is a registered RPO and can help your organization prepare for the certification. Please contact us today to speak to an RP by filling out the contact form below.