You'll get regular updates on the progress of the CMMC, and useful tips on preparing for your own CMMC assessment.
I've prepared a list of links to online resources to help you with CMMC.
Coming up: January 26 work(fromhome)shop Understanding the CMMC This online class will introduce you to the basics of the CMMC: what it is, why we have it, applicability, terminology, timeline, the assessment process, methodology, etc. This class is an introduction to my "deep dive" series on the specifics of achieving Maturity Levels 1-3 coming up in Spring 2021. Participants in this class will have the first opportunity to sign up for the spring series.
What is the Cybersecurity Maturity Model Certification (CMMC)?
Since early 2020, the Department of Defense (DoD) has been developing a new program for third-party certification of the security of information systems in all DoD contractors and subcontractors. This new CMMC requirement will impact approximately 300,000 businesses in the US, many of whom are small contractors or subcontractors lacking even basic cyber hygiene. While it will likely be 2023 before the CMMC is a reuirement in all DoD contracts, smart organizations are starting to prepare now. Contracts with the CMMC clause will only be awarded to organizations that already have their CMMC in place, and prime contractors are obligated to "flow down" the CMMC requirements to their subcontractors.
The CMMC Accreditation Body, a non-profit organization managing the ecosystem for training assessors and certifying contractors under the CMMC Model, began training the first level of CMMC consultants, the Registered Practitioner, in 2020. We are pleased to say that our President, Glenda R. Snodgrass, was among the first to successfully complete the training and be credentialed CMMC-RP, and our VP of Network Operations, Mitch Adair soon followed suit. The Net Effect is a CMMC-AB Registered Provider Organization™.
While the CMMC currently applies only to DoD contractors, the GSA has already included references to CMMC in a recent solicitation, DHS has publicly expressed great interest, and it is widely believed that the CMMC will be expanded to all federal government contractors in the near future. If you have any questions about the CMMC, please contact us! We are always happy to talk with organizations who have cyber security concerns.
If you haven't already signed up for CMMC Update, do that now!