
CMMC Certification Training

The Cybersecurity Maturity Model Certification (CMMC) is the Department of Defense’s (DoD) newest verification mechanism designed to ensure that cybersecurity controls and processes adequately protect Controlled Unclassified Information (CUI) that resides on Defense Industrial Base (DIB) systems and networks.

September 2020 is an important date for contractors who seek contracts from the DoD. This is when the CMMC will start to be phased in for certain DoD-identified contractors.

When fully operational, the CMMC will be mandatory for all entities doing business with the DoD at any level.

In January 2020 the CMMC released a checklist for contractors to help them better ascertain where they stand in cybersecurity matters and where improvements must be made to obtain DoD contracts.

The CMMC is expected to be included as a component of Requests for Information (RFIs) in mid-2020 and will likely be included in Requests for Proposal (RFPs) by late 2020. The required CMMC compliance level will be contained in sections L & M of RFPs, making cybersecurity an “allowable cost” in DoD contracts.

The CMMC Model combines the best practices of different cybersecurity standards, including NIST SP 800-171, NIST SP 800-53, ISO 27001, ISO 27032, AIA NAS9933 and others, into one cohesive standard for cybersecurity.

The CMMC consists of five levels of controls. Level 1 is designed for businesses that process little or no DoD data but are on a DoD contract. Level 5 is for major contract bodies with heavy involvement in the DoD supply chain and data control. This is the highest level of scrutiny and controls applied.

Each CMMC level encapsulates the previous level and adds an additional set of controls.

Prime contractors and their subcontractors will be required to meet one of the five CMMC trust levels and to demonstrate, through the completion of independent validation activities, that cybersecurity has been sufficiently implemented.

The initial award, or continuance, of a DoD contract will depend on CMMC compliance. According to the Department of Defense, no contractor organizations will be permitted to receive or share DoD information related to programs and projects without having completed the CMMC process.

When a contractor’s contract comes up for renewal, the contractor must be CMMC compliant.

CMMC was initiated because the DoD felt it needed to screen contractors better due to increased cybersecurity issues. There have also been concerns regarding foreign entities possibly obtaining weaponry information.

Are you a DoD contractor or sub-contractor who needs help making sense of it all? Tonex can help you understand the nuances of CMMC and improve your chances of receiving a DoD contract.

For more information, questions, or comments, contact us.

Cybersecurity Maturity Model Certification Training Programs by Tonex