What is the Cybersecurity Maturity Model Certification (CMMC)?
Since early 2020, the Department of Defense (DoD) has been developing a new program for third-party certification of the security of information systems in all DoD contractors and subcontractors. This new CMMC requirement will impact approximately 300,000 businesses in the US, many of whom are small contractors or subcontractors lacking even basic cyber hygiene.
The CMMC rule went to OMB for review on July 23, and is expected to be published in October. At that time, we will know whether the CMMC clause will begin showing up in DoD contracts this year or next. (Meanwhile, we did get a sneak peak at the rule's contents when the new Scoping and Assessment Guides for all three levels were leaked briefly on August 3.)
According to information released to its membership, The National Defense Industrial Association, most organizations should plan on spending 18-24 months to fully implement the requirements and be ready for an official assessment (which could take many more months). Smart organizations are starting to prepare now. Contracts with the CMMC clause will only be awarded to organizations that already have their CMMC in place, and prime contractors are obligated to "flow down" the CMMC requirements to their subcontractors.
We are pleased to say that our President, Glenda R. Snodgrass, was among the first individuals to become a Certified CMMC Professional (CCP) in November 2022, and in May 2023, she became one of the first to pass the Certified CMMC Assessor exam. Our Vice President, Mitch Adair is a CMMC Registered Practitioner.
While the CMMC currently applies only to DoD contractors, the GSA has already included references to CMMC in a recent solicitation, DHS has publicly expressed great interest, and it is widely believed that the CMMC will be expanded to all federal government contractors in the near future. If you have any questions about the CMMC, please contact us! We are always happy to talk with organizations who have cyber security concerns.
If you haven't already signed up for our newsletter, CMMC Update, do that now!