If your organisation is one of the 300,000 currently doing business with the U.S. Department of Defense (DoD), then you may be affected by regulatory requirements being brought in this year as part of the new Cyber Maturity Model Certification (CMMC). Designed to allow for better assessment and pragmatic improvements to the cybersecurity posture of the US Defense Industrial Base (DIB), CMMC unifies existing legislation into a new set of cybersecurity best practices, mapping these best practices and processes to five Maturity Levels ranging from basic cybersecurity hygiene (ML1) to advanced cybersecurity practices (ML5).
Given the range and scope of the services being delivered by the DIB sector, the CMMC framework is designed to support suppliers with varying requirements for cyber hygiene, which will depend on the types of data they store and process as part of their contract. Each of the five Maturity Levels is cumulative, with the level of compliance being defined through each procurement. Notably the primary contractor will now have to flow the relevant level of compliance with procedures and capabilities down to any sub-contractors that its organisation involves in fulfilling DoD contracts, although they may be able to certify at a lower level depending on their role in the contract.
Whereas in the past organisations could self-assess their compliance with the DoD’s cybersecurity requirements, going forward in order to close perceived gaps in assurance and ensure mandatory standards of compliance are maintained across the entire DIB, the assessment must now be completed by an independent Third-Party Assessor Organisation (3PAO). With around 15 procurement programs being switched as of mid-2021, many businesses are expected to be affected by the changes and will need to be certified or risk losing the ability to bid for DoD contracts.
With the CMMC Accreditation Body recommending six months to prepare for certification, companies
CBG has introduced a pre-certification Readiness Assessment that covers
For more details on the service, and how CMMC could affect your business, please contact us at firstname.lastname@example.org or call +44 (0) 1223 843903
by Dom Wordsworth, Solution Director
Find out more about our services: