Cybersecurity Maturity Model Certification (CMMC)
By: Dean Dorton | May 8, 2020
Question? Contact Us
Dean Dorton's expert technology professionals are now assisting businesses with the CMMC readiness assessment. Saving businesses time, and ensuring that businesses are prepared for upcoming CMMC deadlines.
In an effort to focus on security and resiliency, the Department of Defense (DoD) is working with various industries to enhance the protection of the following types of unclassified information within the supply chain:
Federal Contract Information (FCI)
Controlled Unclassified Information (CUI)
FCI is information provided by or generated for the Government under contract not intended for public release. CUI is information that requires safeguarding of dissemination controls pursuant to and consistent with laws, regulations, and government-wide policies.
Contractors working with FCI or CUI will be required to be certified based on one or more of the five CMMC maturity levels. The levels are as follows:
At a minimum contractors will need to be Level 1 certified. If a contract requires a higher level of certification, the contractor is required to meet that level and all lower levels. The levels build on one another. The level requirement will be specified in Requests for Information (RFI) and Requests for Proposals (RFP) coming from the DoD later this year.
A CMMC timeline has been established with important milestones scheduled in mid to late 2020. These milestones were established prior to the COVID-19 pandemic and may be revised. For now, the guidance we have is:
Actions You Can Take Now
Until the CMMC Assessor requirements are released, it is not possible to receive a certification. However, due to the timeline contractors are likely not going to have sufficient time to be certified unless preparation begins now. Another important note is self-certification will not be allowed.
Dean Dorton’s IT Audit and Compliance team is working with DoD contractors to evaluate and remediate CMMC compliance so that these contractors are ready for the certification process. The compliance readiness assessments can and will be used to shorten the certification process needed later.
If you have any questions regarding how to prepare for CMMC requirements feel free to contact Kevin W. Cornwell at 502.566.1011 or email@example.com or Amy Justice at 859.425.7793 or firstname.lastname@example.org.
Have a question? Click here to contact this representative.
Cybersecurity news: F5 releases an RCE vulnerability fix
WEBINAR: Cybersecurity Maturity Model Certification Guidance
CYBER ALERT: New Bank Fraud Scheme
COVID-19 Creates an Opportunity to Assess your Business Model and Processes
Cybersecurity Concerns as you return to a “New Normal”
Ten ways to make your business better than it was before COVID-19