- What is it? CMMC stands for “Cybersecurity Maturity Model Certification.” The model contains new requirements for DoD contractors designed to improve information protection and cybersecurity. The framework ensures contractors have a certain degree of cybersecurity controls and processes in place. The standard is assessed across five levels of maturity, with level 1 requiring basic cybersecurity and level 5 requiring advanced practices. Requirements are cumulative, meaning requirements at level 1 are also required at every other level, and so on.
- Timeline? CMMC requirements and the auditing process continue to evolve despite COVID-19. Be wary of any timeline-related information: there are a lot of unknowns and contradictory information from multiple sources, making it tough to pinpoint exact answers and dates. Currently, the CMMC-AB’s official website indicates that commercial audits will begin in Spring 2020.
- How can my business prepare? Contractors should begin preparing for certification now if they wish to continue bidding on potential contracts. Your business can prepare with the following tips.
- Become familiar with the CMMC standard: We recommend referencing the DoD’s CMMC FAQ to learn more about the model. https://www.acq.osd.mil/cmmc/faq.html
- Determine your desired level of maturity: As previously mentioned, the CMMC model has five levels of security maturity. Identify what levels your company wants to be able to achieve based on current practices, resources, and future goals.
- Conduct a Readiness Assessment and Gap Analysis: Hire a consultant. Third-party consultants can help assess your current cybersecurity health as well as make recommendations for what is needed to obtain a certain CMMC level.
How can Kreative help? Kreative has applied to be a “Registered Provider Organization” or “RPO”. Upon accreditation, we can help assess your company’s preparedness.