Beginning this year, all contractors working for the Department of Defense, even subcontractors, must pass a CMMC (Cybersecurity Maturity Model Certification) Audit to ensure appropriate levels cybersecurity controls and processes are adequate and in place to protect controlled unclassified information (CUI) on DoD contractor systems.
To verify that DoD Contractors have met the appropriate level of cybersecurity controls, the DoD will deploy certified independent third party organizations to conduct audits on DoD Contractor information systems and inform risk. It is from this audit that a DoD contractor will be awarded a certification — or not.
DoD Contractors will need to coordinate directly with an accredited and independent third-party commercial certification organization to request and schedule a CMMC assessment. DoD Contractors will specify the level of the certification requested based on the DoD Contractor’s specific business requirements.
Contractors will be awarded certification at the appropriate CMMC level upon demonstrating the appropriate maturity in capabilities and organizational maturity to the satisfaction of the assessor and certifier.
Tonex has been following the new mandatory certification procedure and now offers training to help contractors and subcontractors meet DoD requirements in order to bid on projects.
For more information, questions, comments, contact us.