Value of CMMC

What is the Value of CMMC?

The Department of Defense (DoD) identified that the United States, as a country, is losing an average of $600 billion annually in defense intellectual property (IP) to non-friendly countries through hacking of the DoD Industrial Base (DIB) suppliers. The DIB comprises over 350,000 small-to-large organizations. The very large defense contractors are few, making up less than 1% (about 35) of the DIB, and these should have very strong information security. The remaining 99% of DIB members are ideal targets for hackers.

NIST SP 800-53 and NIST SP 800-171 were developed to try to stop this drain of U.S. IP. This did not work because it was determined to be a self-compliance method. Over 75% of companies that claimed self-compliance failed. The DoD then made a huge commitment to develop a certification program called the Cybersecurity Maturity Model Certification (CMMC).

From the official CMMC Standard government page, here is what it sets out to do:

  • The CMMC will review and combine various cybersecurity standards and best practices and map these controls and processes across several maturity levels that range from basic cyber hygiene to advanced. For a given CMMC level, the associated controls and processes, when implemented, will reduce risk against a specific set of cyber threats.

  • The CMMC effort builds upon existing regulation (DFARS 252.204-7012) that is based on trust by adding a verification component with respect to cybersecurity requirements.

  • The goal is for CMMC to be cost-effective and affordable for small businesses to implement at the lower CMMC levels.

  • Authorized and accredited CMMC Third Party Assessment Organizations (C3PAOs) will conduct assessments and issue CMMC certificates to Defense Industrial Base (DIB) companies at the appropriate level.

ISOP Solutions is an approved Certified Third-Party Assessor Organization (C3PAO) Candidate.