What is the Cybersecurity Maturity Model Certification (CMMC)?
Since early 2020, the Department of Defense (DoD) has been developing a new program for third-party certification of the security of information systems in all DoD contractors and subcontractors. This new CMMC requirement will impact approximately 300,000 businesses in the US, many of whom are small contractors or subcontractors lacking even basic cyber hygiene.
It is currently expected that the final rule will be issued in March-May 2023, with the new CMMC clause showing up in some DoD contracts within 60 days, and all DoD contracts by October 1, 2025,
According to information released to its membership, The National Defense Industrial Association, most organizations should plan on spending 18-24 months to fully implement the requirements and be ready for an official assessment (which could take many more months). Smart organizations are starting to prepare now. Contracts with the CMMC clause will only be awarded to organizations that already have their CMMC in place, and prime contractors are obligated to "flow down" the CMMC requirements to their subcontractors.
The CMMC Accreditation Body (Cyber AB), a non-profit organization managing the ecosystem for certifying contractors under the CMMC Model, began training the first level of CMMC consultants, the Registered Practitioner, in 2020. We are pleased to say that our President, Glenda R. Snodgrass, was among the first to successfully complete the training and be credentialed CMMC-RP, and our VP of Network Operations, Mitch Adair soon followed suit. In November 2022, Ms. Snodgrass became one of the first individuals to become a Certified CMMC Professional (CCP). The Net Effect is a CMMC-AB Registered Provider Organization™.
While the CMMC currently applies only to DoD contractors, the GSA has already included references to CMMC in a recent solicitation, DHS has publicly expressed great interest, and it is widely believed that the CMMC will be expanded to all federal government contractors in the near future. If you have any questions about the CMMC, please contact us! We are always happy to talk with organizations who have cyber security concerns.
If you haven't already signed up for our newsletter, CMMC Update, do that now!