CMMC Factsheet

1. What is it? CMMC stands for “Cybersecurity Maturity Model Certification.” The model contains new requirements for DoD contractors designed to improve information protection and cybersecurity. The framework ensures contractors have a certain degree of cybersecurity controls and processes in place. The standard is assessed across five levels of maturity, with level 1 requiring basic cybersecurity and level 5 requiring advanced practices. Requirements are cumulative meaning requirements at level 1 are also required at every other level and so on.
2. Timeline? CMMC requirements and auditing process continue to evolve despite COVID-19. Be wary of any information that is timeline related, there is a lot of unknowns and contradictory information from multiple sources making it tough to pinpoint exact answers and dates. Currently, the CMMC-AB’s official website indicates that commercial audits will begin in Spring 2020.
3. How can my business prepare? Contractors should begin preparing for certification now if they wish to continue bidding on potential contracts. Your business can prepare with the following tips.

• Become familiar with the CMMC standard: We recommend referencing the DoD’s CMMC FAQ to learn more about the model. https://www.acq.osd.mil/cmmc/faq.html
• Determine your desired level of maturity: As previously mentioned, the CMMC model has five levels of security maturity. Identify what levels your company wants to be able to achieve based on current practices, resources, and future goals.
• Conduct a Readiness Assessment and Gap Analysis: Hire a consultant. Third-party consultants can help assess your current cybersecurity health and well as make recommendations for what is needed to obtain a certain CMMC level.

How can Kreative help?  Kreative has applied to be a “Registered Provider Organization or “RPO”. Upon accreditation, we can help assess your company’s preparedness.