Value of CMMC

The Department of Defense (DoD) identified that the United States, as a country, is losing an average of $600 billion annually in defense intellectual property (IP) to non-friendly countries due to hacking the DoD Industrial Base (DIB) suppliers. The DIB is comprised of over 350,000 small-to-large organizations. The very large defense contractors are few and comprise less than 1% (about 35) of the DIB and these should have very strong information security. The remaining 99% DIB members are ideal targets of the hackers.

​

NIST SP 800-53 and NIST SP 800-171 were developed to try and stop this drain of U.S IP. It did not work because it was determined to be a self-compliant method. Over 75% of companies who claimed self-compliance failed. The DoD then made a huge commitment to develop a certification program called the Cybersecurity Maturity Model Certification (CMMC).

​

From the official CMMC Standard government page, here is what it sets to do:

​

• To safeguard sensitive national security information, the Department of Defense (DoD) launched CMMC 2.0, a comprehensive framework to protect the defense industrial base’s (DIB) sensitive unclassified information from frequent and increasingly complex cyberattacks. With its streamlined requirements, CMMC 2.0:

  • Simplifies compliance by allowing self-assessment for some requirements

  • Applies priorities for protecting DoD information

  • Reinforces cooperation between the DoD and industry in addressing evolving cyber threats

​

ISOP Solutions is an approved Certified Third-Party Assessor Organization (C3PAO) Candidate.