In order for contractors to work more securely and efficiently with the Department of Defense, the Cybersecurity Maturity Model Certification (CMMC) was devised by the Office of the Under Secretary of Defense for Acquisition and Sustainment and the Defense Industrial Base (DIB). The CMMC is providing contractors with a framework of best practices that will help agencies defend against potential attacks.
The Defense Industrial Base (DIB) is comprised of hundreds of thousands of companies and organizations, all committed to the goal of maintaining national security. But the DIB’s magnitude has created a vast cyber footprint filled with potential cybersecurity vulnerabilities that could be leveraged by malicious actors seeking to compromise national security.
To ensure the DIB is protected against these threats, the military has introduced the Cybersecurity Maturity Model Certification (CMMC). CMMC is a certification for contractors looking to work with the military that provides them with a framework or roadmap of cybersecurity policies and best practices that they should implement to protect themselves and their government customers.
Starting as early as this year, Department of Defense (DoD) contracts will require that contractors meet a certain level of cyber hygiene – based on the services provided – in order to be awarded those contracts. By 2026, every DoD contract is expected to have a CMMC requirement. In total, 300,000 companies and organizations are expected to be affected by CMMC.
In addition to military organizations, other federal civilian agencies are considering implementing CMMC to support and strengthen their own cybersecurity positioning. Meaning that even if your organization services the federal civilian marketplace and doesn’t work with the military, it is still important to understand the CMMC model, as it is expected to be a cybersecurity mainstay and requirement in the near future.
Though the CMMC process is expected to roll out over the course of the next five years, DIB organizations and contractors that serve federal civilian agencies should prepare themselves now, before CMMC becomes a standard requirement for all government contract awards.
Last month, ACG National Capital sponsored the “Navigating CMMC – The Cybersecurity Maturity Model Certification” webinar to help guide organizations through the CMMC process.
Topics of discussion included:
o The status of CMMC in RFPs
o The certification process
o The dispute and resolution process
o The use of third parties to achieve compliance
o How contractors and system integrations can prepare
Webinar panelists included:
o Mike Baker, Vice President & CISO, GDIT
o Ed Bassett, CISO, NeoSystem
o Neal Beggan, Principal, Cherry Bekaert
o Jeff Trinidad, Director, L3Harris
Click the play button below to watch the Webinar in its entirety: