Not familiar with CMMC? Well, if you are a federal contractor, you will need to be. CMMC stands for Cybersecurity Maturity Model Certification and it is coming… FAST. On January 31, CMMC version 1.0 was announced and soon it will be expected of every DOD contractor. Three Key takeaways are these:
1. Cybersecurity risks threaten the Defense industry and the National Security of the US and its allies,
2. The CMMC model is a collaboration between industry, academia, military, Capitol Hill and the public,
3. This is just the first milestone.
The goal of the CMMC is to achieve a Cyber Safe, Cyber Secure and Cyber Resilient Defense Industrial base.
The most vulnerable link in the Defense supply chain is usually six, seven or eight levels down. This usually lies with us, the small business subcontractor. Because we may not have strong cybersecurity defense systems in place, it is relatively easy for a cyber attacker to breach our systems. We then inadvertently transmit the malware, trojan horse or a myriad of other crippling cyber threats up the supply chain as we communicate with the sub or prime contractor above us.
Historically, $600 Billion – approximately 1% of GDP – is lost via cyberthreats. With the introduction of CMMC, the Defense industry is taking seriously the task of eliminating these threats to every extent possible.
What is the timeline for CMMC?
The late spring and early summer will bring in the new Defense Federal Acquisition Regulation (DFAR) requirements.
Beginning June 2020, CMMC requirement will show up in selective RFI’s
Beginning September 2020, CMMC standards will be required at the time of contract award for all DOD RFP’s
The CMMC accreditation body was created in January. It is comprised of 13 unbiased parties overseeing the training, quality, and administration of the CMMC Third Party Assessment Organizations called C3PAO’s.
Please review the video via the attached link learn more about this new requirement that will become the standard in all Defense contracts beginning in September 2020.