What is CMMC
CMMC stands for “Cybersecurity Maturity Model Certification”. Per the latest version of CMMC, Model v1.02, the maturity level of an organization is assessed on a scale from “Basic Cybersecurity Hygiene” to “Advanced/Progressive”. The intent is to incorporate CMMC into the Defense Federal Acquisition Regulation Supplement (DFARS) and use it as a requirement for contract award, as published on https://www.acq.osd.mil/cmmc/updates.html.
Why get CMMC
Currently, NIST 800-171 Rev 2: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations is used for compliance with CUI requirements. The requirements apply to all nonfederal systems and organizations that process, store, and/or transmit CUI, or that provide protection for such components. Since this standard is not audited, the DoD has planned a migration to CMMC in order to improve the cybersecurity posture of defense vendors, or the Defense Industrial Base. All DoD vendors, approximately over 300,000 in number, will need to migrate to CMMC by 2025. CMMC has 5 levels, and the draft lists the practices and processes that are to be achieved at each level. CMMC levels 1-3 require meeting all 110 controls specified in NIST 800-171.
Benefits of CMMC
- Prevent loss of CUI from vendors, which is a risk to national security.
- Continue business as a vendor to the DoD and be part of the Defense Industrial Base.
- Systematically aligned and enhanced cybersecurity framework.
- Ability to win more contracts and better CPARs.
- Enhance customer satisfaction and the process for continual improvement.