Guide To CMMC

CMMC Overview

Cybersecurity Maturity Model Certification

The Cybersecurity Maturity Model Certification, or CMMC, is set to be the solution for prioritizing DFARS enforcement while helping small businesses improve their cybersecurity and slow down the criminals responsible for government IT and R&D losses.

The official CMMC Standard government page states, “The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) recognizes that security is foundational to acquisition and should not be traded along with cost, schedule, and performance moving forward. The Department is committed to working with the Defense Industrial Base (DIB) sector to enhance the protection of controlled unclassified information (CUI) within the supply chain.”

This new standard will require independent, third-party audits and is a must by 2025 for every company doing business with the Department of Defense. The CMMC currently has five maturity levels:

  • CMMC Maturity Level 1 | Basic Cyber Hygiene

  • CMMC Maturity Level 2 | Intermediate Cyber Hygiene

  • CMMC Maturity Level 3 | Good Cyber Hygiene

  • CMMC Maturity Level 4 | Proactive

  • CMMC Maturity Level 5 | Advanced/Progressive

DoD contractors need to identify their desired CMMC level to bid on DoD contracts. Contractors that have already implemented NIST SP 800-171, ISO 9001, ISO/IEC 20000-1 and ISO/IEC 27001 should be 85-90% compliant with the new CMMC requirements.

ISOP Solutions is a CMMC Registered Provider Organization (RPO) and an approved Certified Third-Party Assessor Organization (C3PAO) Candidate.