The number of cyber-attacks continues to skyrocket – government agencies, private businesses, and not-for-profits are all in the crosshairs of cybercriminals and nation-state threat actors. The risk to government agencies is incredibly high since the nature and sensitivity of the data they manage go far beyond most data held by private enterprise.
To bolster the DoD’s already extensive security framework, the Office of the Undersecretary of Defense for Acquisition and Sustainment recently introduced the Cybersecurity Maturity Model Certification (CMMC), designed to protect unclassified data shared across the defense supply chain. Here’s an overview.
About the CMMC
The CMMC program enhances cyber protection standards for companies in the defense industrial base (DIB), and it’s designed to protect sensitive unclassified information the Department of Defense shares with its contractors and subcontractors. The program incorporates a set of cybersecurity requirements into acquisition programs and provides the Department with increased assurance that contractors and subcontractors are meeting these requirements. In short, it’s designed to keep us, and our data, safer.
3 key features
A tiered model for CMMC
CMMC requires that companies entrusted with national security information implement cybersecurity standards at progressively advanced levels, depending on the type and sensitivity of the information. The program also sets forward the process for information flow down to subcontractors.
CMMC assessment requirement
CMMC assessments allow the Department of Defense to verify the implementation of clear cybersecurity standards.
Implementation through contracts
Once a vendor has CMMC fully implemented at the required level, certain DoD contractors who handle sensitive unclassified DoD information will be required to achieve a specific designated CMMC level as a condition of contract award.
CMMC readiness assessment
For many vendors who work with the DoD or other large government agencies, their contracts are the lifeblood of their business. Are you ready for CMMC, and at the level you needed for obtaining or retaining a DoD contract? A CMMC Readiness Assessment can help you determine where you stand – and what you need to do to meet your required level of CMMC hygiene.
Learn more about CMMC – connect with us.
Barnes Dennig can help your organization Assess, Remediate, Prepare and Achieve CMMC compliance.
Over the next five years, DoD contractors will be required to comply with CMMC requirements or risk becoming ineligible for new or renewing DoD contracts. So, it’s critical to consult with a qualified cybersecurity consultant who can evaluate your situation and determine the best path forward. Contact us to get started on your CMMC readiness assessment today.