Cybersecurity Maturity Model Certification (CMMC)
As cyber threats become highly damaging and complex, a new cybersecurity compliance certification model is being developed by the Department of Defense (DoD) to secure its Defense Industrial Base (DIB), and communication with its private partners. It goes by the name Cybersecurity Maturity Model Certification (CMMC), and it will build upon existing DFARS 252.204-7012 and the NIST 800-171 controls.
The CMMC has five levels of certification ranging from ‘Basic Cyber Hygiene’ to ‘Progressive’. Each level requires the implementation of a certain number of cybersecurity controls given in the CMMC framework. The eligibility of contractors will be assessed based on the implementation of these levels. For example, the highest level (Level 5 – Progressive/Advanced) will be necessary for the companies that seek DoD’s critical contracts. So, the higher your CMMC level, the more impressive your bid will be and the more contracts you can bid on!
Contractors compliant with NIST 800-171 should be able to receive level 3 certification under the CMMC, requirements sufficient for 99% of companies.
Organizations that have implemented the baseline security but have not been keeping up with continuous monitoring activities and relevant documentation, should conduct another gap assessment to determine to what extent have they lapsed in security requirements and how much work is needed to get them back to the baseline security level prior to going though the certification process.
Secure Open Solutions has everything it takes to achieve and maintain the compliance level that your company needs to compete for DoD contracts. The CMMC and its guidelines may seem a little overwhelming and sometimes expensive, but SOS will only provide compliance plans that are completely customized to your company’s needs with flexible pricing for small businesses. We are veteran-owned and have been assisting defense contractors for many years, giving us a comprehensive knowledge of the DoD’s cybersecurity requirements and their process of evaluation. We currently handle: