The Department of Defense recently implemented the Cybersecurity Maturity Model Certification (CMMC) to regulate cybersecurity preparedness across the federal government’s defense industrial base (DIB). If your organization does DoD work for a government contractor and didn't know the rules changed in 2020, it is time to get to work.
Although the timeline for CMMC certification will depend on the size of your organization and the requirements listed in the contract with your DoD contractor, if you are dealing with a Prime contractor you may have to achieve CMMC level 3 or higher more quickly than you'd like.
Still, many of our smaller clients are able to work toward the deprecated 800-171 requirements, of which only 31 apply to an equivalent CMMC level 1, while the new CMMC standard process shakes itself out. However, they still have to meet their FAR clause 52.204-21 and DFARS Clause 252.204-2012 requirements in their contracts. While this is an obvious benefit to continuity of operations (winning those RFQ's!) It would be inadvisable to become complacent.
Cyber Advisors takes the long view as an RPO when working toward 800-171/CMMC compliance. We believe that the safest option is to build that solid foundation to achieve CMMC level 3 and beyond while striving to keep those RFQ wins coming while the standards allow.
Get Started: Cyber Advisors is a registered RPO and can assist your organization to prepare for the certification. Please contact us today to speak to an RP by filling out the contact form below.
Cyber Advisors CMMC profile: https://cmmcab.org/marketplace/cyber-advisors-inc/