Now that the Department of Defense (DoD) has released the final version of the Cybersecurity Maturity Model Certification (CMMC) guidelines, all contractors (and even subcontractors) who work directly or indirectly on Department of Defense contracts should be preparing to obtain their appropriate certification level in order to bid on DoD projects.
CMMC was initiated because the DoD felt it needed to screen contractors better due to increased cybersecurity issues. There have also been concerns regarding foreign entities possibly obtaining weaponry information.
The CMMC (Cybersecurity Maturity Model Certification) is a certification procedure developed by the Department of Defense (DoD) to certify that contractors have the controls to protect sensitive data, including Federal Contract Information and Controlled Unclassified Information (CUI).
The CMMC Model combines the best practices of different cybersecurity standards, including NIST SP 800-171, NIST SP 800-53, ISO 27001, ISO 27032, AIA NAS9933 and others, into one cohesive standard for cybersecurity.
The CMMC consists of five levels of controls:
- Level 1: Basic Cyber Hygiene – In order to pass an audit for this level, the DoD contractor will need to implement 17 controls of NIST 800-171 rev1.
- Level 2: Intermediate Cyber Hygiene – In order to pass an audit for this level, the DoD contractor will need to implement another 46 controls of NIST 800-171 rev1.
- Level 3: Good Cyber Hygiene – In order to pass an audit for this level, the DoD contractor will need to implement the final 47 controls of NIST 800-171 rev1, plus additional controls as required.
- Level 4: Proactive – In order to pass an audit for this level, the DoD contractor will need to implement another 26 controls of NIST 800-171 RevB (still in the Public Comments stage).
- Level 5: Advanced / Progressive – In order to pass an audit for this level, the DoD contractor will need to implement the final 4 controls in NIST 800-171 RevB.
It’s believed contractors will need to be appropriately certified by the last quarter of 2020 in order to bid on DoD projects.
Tonex has been following the new mandatory certification procedure and now offers training to help contractors and subcontractors meet DoD requirements in order to bid on projects.
For more information, questions, or comments, contact us.