Guide To CMMC
Cybersecurity Maturity Model Certification
The Cybersecurity Maturity Model Certification, or CMMC, is set to be the solution to prioritizing DFARS enforcement while helping small businesses improve their cybersecurity and slow down the criminals responsible for government IT and R&D losses.
The official CMMC Standard government page states, “The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) recognizes that security is foundational to acquisition and should not be traded along with cost, schedule, and performance moving forward. The Department is committed to working with the Defense Industrial Base (DIB) sector to enhance the protection of controlled unclassified information (CUI) within the supply chain.”
This new standard will require independent, third-party audits and is a must by 2025 for every company doing business with the Department of Defense. The CMMC currently has five maturity levels:
CMMC Maturity Level 1 | Basic Cyber Hygiene
CMMC Maturity Level 2 | Intermediate Cyber Hygiene
CMMC Maturity Level 3 | Good Cyber Hygiene
CMMC Maturity Level 4 | Proactive
CMMC Maturity Level 5 | Advanced/Progressive
DoD contractors need to identify their desired CMMC level to bid on DoD contracts. Contractors that have already implemented NIST SP 800-171, ISO 9001, ISO/IEC 20000-1 and ISO/IEC 27001 should be 85-90% compliant with the new CMMC requirements.
ISOP Solutions is a Certified Third-Party Assessor Organization (C3PAO) Candidate.