The Department of Defense has created a new cybersecurity standard and certification requirement for defense contractors called the Cybersecurity Maturity Model Certification (CMMC). Its sole purpose is to reduce the exfiltration of Controlled Unclassified Information (CUI) from the Defense Industrial Base (DIB) and secure the supply chain through the implementation of 48 CFR 52.204-21, NIST SP 800-171, and DFARS Clause 7012, among other standards.
- CMMC efforts build upon existing regulation (DFARS 252.204-7012) that is based on trust by adding a verification component with respect to cybersecurity requirements.
- The goal is for CMMC to be cost-effective and affordable for small businesses to implement at the lower CMMC levels.
- The intent is for certified independent 3rd party organizations to conduct audits and inform risk.
DoD contractors need to determine which CMMC level they want or need to obtain and implement the controls necessary for compliance. Contractors that have already implemented NIST SP 800-171, ISO 9001, ISO/IEC 20000-1 and ISO/IEC 27001 should be 85-90% compliant with the new CMMC requirements.
The CMMC Program Establishes Security as the Foundation to Acquisition
In December 2019, the Defense Department anticipated that by June 2020, “…industry will see cybersecurity requirements included as part of new requests for information”*. So we expect CMMC to be a requirement in DoD RFPs during calendar year 2021. *Source: Cybersecurity Requirements Likely for Defense Contracts by June 2020
Many Defense Industrial Base (DIB) Contractors are Unprepared
Many small to medium-sized DIB contractors lack the formal policies, practices and supporting documentation required to meet the CMMC standard. Our CMMC Solutions and Services include performing a gap analysis to identify deficiencies and assisting you in the design and implementation of the processes and practices required by your CMMC level. You will be ready for your CMMC assessment audit. However, developing and implementing good cybersecurity compliance takes time and dedicated resources – DO NOT procrastinate.
CMMC Assessment and Certification Services
SofiaITC has applied to become a Registered Practitioner, Assessor, and Registered Provider Organization with the Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB), and has strategic partnerships with C3PAOs. We will deliver CMMC assessments for Organizations Seeking Certification (OSCs).
SofiaITC can assist DoD contractors in preparing for CMMC. Contact us to learn everything you need to know about preparing for the Cybersecurity Maturity Model Certification (CMMC), which is mandatory for DoD contractors.
Virtual Chief Information Security Officer (vCISO)
SofiaITC provides vCISOs to organizations that need security expertise and guidance, performing CMMC practice compliance and evidence maintenance, CMMC policy, practice and overall compliance review, and CMMC assessment support services (Assessor Liaison support). Our team of experts has decades of experience building information security programs that work with business objectives and show measurable improvement in security posture based on NIST 800-171, NIST 800-53, FISMA, DIACAP, FedRAMP, and the Risk Management Framework.