
Not familiar with CMMC? Well, if you are a federal contractor, you will need to be. If you have not heard, CMMC will be the most important certification you will need in the coming years as a government contractor. Maybe, more important than, 8a, WOSB, HUBZone, SDVOSB, MBE, WBE, and other such certifications for federal contracting.
CMMC stands for Cybersecurity Maturity Model Certification and it is coming… FAST. On January 31, 2020 CMMC was announced and soon it will be expected of every DOD contractor. Eventually, civilian agencies, large primes and potentially publicly traded companies will most likely require that you implement these new requirements.
Three Key takeaways are these:
1. Cybersecurity risks threaten the Defense industry and the National Security of the US and its allies,
2. The CMMC model is a collaboration between industry, academia, military, Capitol Hill and the public,
3. This is just the first milestone.
The goal of the CMMC is to achieve a Cyber Safe, Cyber Secure and Cyber Resilient Defense Industrial base.
The most vulnerable link in the Defense supply chain is usually six, seven or eight levels down. This usually lies with us, the small business subcontractor. Because we may not have strong cybersecurity defense systems in place, it is relatively easy for a cyber attacker to breach our systems. We then inadvertently transmit the malware, trojan horse or a myriad of other crippling cyber threats up the supply chain as we communicate with the sub or prime contractor above us.
Historically, $600 Billion – approximately 1% of GDP – is lost via cyberthreats. With the introduction of CMMC, the Defense industry is taking seriously the task of eliminating these threats to every extent possible.
What is the timeline for CMMC?
The 2021 CMMC Timeline
The first six months of 2021 are still murky as to what the CMMC Accreditation Body and procurement officers will do. But it’s the first two quarters that will be some of the most formative in terms of the program structure moving into the next 5 years, which is when all DoD contractors and subcontractors will have to complete the CMMC.
To learn more about CMMC, check out these resources:
https://www.acq.osd.mil/cmmc/faq.html
https://www.cmmcab.org
https://youtu.be/5amuow9PZwg?t=142