CMMC, which stands for Cybersecurity Maturity Model Certification, is the latest set of guidelines prescribed by the DOD. It sets the deadline for contractors to meet the new rules on cybersecurity practices and policies. Organizations that operate within the Defense Industrial Base (DIB) will need to adhere to it strictly.
The new guidelines began in November 2020, with existing contractors self-auditing against the need to become CMMC certified. By the start of January 2021 the new guidelines were already in effect, and they will need to be fully enforced by the end of 2026. For small businesses that operate within the framework, this could mean an overhaul of their entire cybersecurity services or program.
While the aim of this initiative is to transform the industry by the deadline, nearly 60% of the companies operating in the industry still aren't aware of what the initiative contains. This created the need for a guideline that makes everyone involved aware of what to expect. There is still a lot to do to bring companies up to speed on the need to comply with the new requirements. And as the DOD has already notified, companies that make the effort to comply will benefit more.
As It Stands
Only 42% of companies are familiar with the CMMC guidelines, and only a percentage of companies have successfully implemented NIST practices, which are the actual framework that supports the CMMC requirements.
What is Required?
To meet the full standardization of the certification, businesses operating under the framework will, according to the Department of Defense, need to meet the following requirements:
- Achieve five levels of certification
- Each level will need to be built on the previous one
- To attain level 5 certification, companies will need to meet 171 practices
- The position of a company in the supply chain will depend on the certification required
Industries that Are Required to Obtain the CMMC
Ideally, anyone operating in the DOD supply chain will need to get certified. The Department of Defense already expects that the new standards will be challenging for nearly 300,000 companies or more to meet. A certification between level 1 and level 3 will be necessary to qualify for government contracts.
The standards will need to be met by companies that deal with controlled unclassified information (CUI), and the companies that fall under this sector include:
- Procurement and acquisition
- Proprietary Business Information
- International Agreement
- Export Control
Many other sectors will need to fulfill the minimal obligations to be able to secure DOD contracts moving forward. In addition, subcontractors will also need to meet the relevant documentation requirements, which is at minimum CMMC level 1, to be able to get contracts from the DOD. More on the functions of the DOD is available at https://www.federalregister.gov/agencies/defense-department.
Meeting the Requirements
For each level of certification, each contractor will need to demonstrate beyond reasonable doubt, under scrutiny, that it meets the requirement.