The Value of CMMC
Cybersecurity Maturity Model Certification
The Department of Defense is creating a new cybersecurity standard and certification for defense contractors called the Cybersecurity Maturity Model Certification (CMMC). It is meant to improve cybersecurity deficiencies in the defense industrial base, secure the supply chain and is based on NIST SP 800-171, among other standards.
The CMMC is set to be the solution to prioritizing DFARS enforcement while helping small businesses improve their cybersecurity and slow down the criminals responsible for government IT and R&D losses. This new standard will require independent, third party audits and is a must for every company doing business with the DoD. The CMMC is currently in its development stages and is expected to have five maturity levels, including:
CMMC Level 1 | Basic Cyber Hygiene
CMMC Level 2 | Intermediate Cyber Hygiene
CMMC Level 3 | Good Cyber Hygiene
CMMC Level 4 | Proactive
CMMC Level 5 | Advanced/Progressive
DoD Contractors need to determine which CMMC level they want to obtain and implement the controls necessary. Contractors that have already implemented NIST SP 800-171, ISO 9001, ISO/IEC 20000-1 and ISO/IEC 27001, it should be 85-90% compliant to the new CMMC requirements.
ISOP Solutions can assist DoD contractors in preparing for CMMC.