Value of CMMC
What is the Value of CMMC?
The Department of Defense (DoD) identified that the United States is losing an average of $600 billion annually in defense intellectual property (IP) to non-friendly countries through hacking of DoD Industrial Base (DIB) suppliers. The DIB comprises over 350,000 organizations, from small to large. The very large defense contractors are few, making up less than 1% (about 35) of the DIB, and these should have very strong information security. The remaining 99% of DIB members are ideal targets for hackers.

NIST SP 800-53 and NIST SP 800-171 were developed to try to stop this drain of U.S. IP. They did not work because the approach was determined to be a self-compliant method. Over 75% of companies that claimed self-compliance failed. The DoD then made a huge commitment to develop a certification program called the Cybersecurity Maturity Model Certification (CMMC).

From the official CMMC Standard government page, here is what it sets out to do:
To safeguard sensitive national security information, the Department of Defense (DoD) launched CMMC 2.0, a comprehensive framework to protect the defense industrial base’s (DIB) sensitive unclassified information from frequent and increasingly complex cyberattacks. With its streamlined requirements, CMMC 2.0:
- Simplifies compliance by allowing self-assessment for some requirements
- Applies priorities for protecting DoD information
- Reinforces cooperation between the DoD and industry in addressing evolving cyber threats

ISOP Solutions is an approved Certified Third-Party Assessor Organization (C3PAO) Candidate.