
Sign up to save your podcasts
Or
The Department of Defense (DoD) has released its final cybersecurity standards. Cybersecurity Maturity Model Certification (CMMC) is the name of the new standard. As a result of the new CMMC certification, all DoD contractors require this certification. Next, we will go into detail on the different levels of certification.
CMMC ModelThe Cybersecurity Maturity Model Certification has five levels. Most contractors working with unclassified information must obtain CMMC level one. CMMC Level one is the lowest level. For instance, the more sensitive the data that a contractor handles, the higher the level of certification that they will need to receive under this certification. Every certification level will require an in-person check by independent assessors. In addition to contractors requiring certification, assessors require certification too. Why did the government change its cybersecurity model? That is what we will discuss next.
Why CMMC?Why did DoD decide to implement the CMMC certification? Because the government realized that a checklist security and self-assessment model was failing. U.S. adversaries were exploiting defense contractors resulting in the leaking of our national security secrets. The DoD believes that the CMMC standards will stop U.S. adversaries from breaching defense contractors' systems. As a result, contractors now need to pay a certified assessor to physically inspect their operations to ensure that they comply with one of the five levels of security. Besides defense contractors, the CMMC assessors must obtain training and are managed by a nonprofit board comprised of industry and academic partners.
Next, we will discuss the cost to obtain this certification.
How Much Will the CMMC Certification Cost?Unfortunately, the cost of the CMMC assessment depends upon several factors to include the CMMC level, the complexity of the company’s network, and other market forces. Once certified, the certification will be valid for three years. While any certification is not cheap, it is a necessity. Fortunately, contractors can expense the certification cost to allowable, reimbursable cost; thus, it is not prohibitive. Please see FAR Clause 52.204-21 for more information. That is if you win a DoD contract. Now, if your company provides only Commercial-Off-The-Shelf (COTS) products, then you do not require a CMMC certification. These are the only businesses not required to obtain the certification.
Next up are subcontractors required to obtain this certification?
Are Subcontractors Require to Obtain CMMC Certification?Yes, subcontractors will need to obtain the certification. However, the level of certification will depend on the type and nature of the information that flows down from your prime contractor. Next, we will provide a link for more information.
Where can I find out more information?You can find out more information at https://www.cmmcab.org/. As these details for this certification are still being worked out you may want to sign-up for email notifications from the above site. Now on to the summary.
SummaryYou can expect CMMC requirements to begin to appear in RFIs and actual solicitations. If a contractor does not meet the contract's requisite level of security under this framework then they will not be able to bid on the contract.
For more articles, please click here.
Support our channel:
Continued support: http://bit.ly/FCMEPatreon
One-Time Support: https://www.paypal.me/FCME801
The Department of Defense (DoD) has released its final cybersecurity standards. Cybersecurity Maturity Model Certification (CMMC) is the name of the new standard. As a result of the new CMMC certification, all DoD contractors require this certification. Next, we will go into detail on the different levels of certification.
CMMC ModelThe Cybersecurity Maturity Model Certification has five levels. Most contractors working with unclassified information must obtain CMMC level one. CMMC Level one is the lowest level. For instance, the more sensitive the data that a contractor handles, the higher the level of certification that they will need to receive under this certification. Every certification level will require an in-person check by independent assessors. In addition to contractors requiring certification, assessors require certification too. Why did the government change its cybersecurity model? That is what we will discuss next.
Why CMMC?Why did DoD decide to implement the CMMC certification? Because the government realized that a checklist security and self-assessment model was failing. U.S. adversaries were exploiting defense contractors resulting in the leaking of our national security secrets. The DoD believes that the CMMC standards will stop U.S. adversaries from breaching defense contractors' systems. As a result, contractors now need to pay a certified assessor to physically inspect their operations to ensure that they comply with one of the five levels of security. Besides defense contractors, the CMMC assessors must obtain training and are managed by a nonprofit board comprised of industry and academic partners.
Next, we will discuss the cost to obtain this certification.
How Much Will the CMMC Certification Cost?Unfortunately, the cost of the CMMC assessment depends upon several factors to include the CMMC level, the complexity of the company’s network, and other market forces. Once certified, the certification will be valid for three years. While any certification is not cheap, it is a necessity. Fortunately, contractors can expense the certification cost to allowable, reimbursable cost; thus, it is not prohibitive. Please see FAR Clause 52.204-21 for more information. That is if you win a DoD contract. Now, if your company provides only Commercial-Off-The-Shelf (COTS) products, then you do not require a CMMC certification. These are the only businesses not required to obtain the certification.
Next up are subcontractors required to obtain this certification?
Are Subcontractors Require to Obtain CMMC Certification?Yes, subcontractors will need to obtain the certification. However, the level of certification will depend on the type and nature of the information that flows down from your prime contractor. Next, we will provide a link for more information.
Where can I find out more information?You can find out more information at https://www.cmmcab.org/. As these details for this certification are still being worked out you may want to sign-up for email notifications from the above site. Now on to the summary.
SummaryYou can expect CMMC requirements to begin to appear in RFIs and actual solicitations. If a contractor does not meet the contract's requisite level of security under this framework then they will not be able to bid on the contract.
For more articles, please click here.
Support our channel:
Continued support: http://bit.ly/FCMEPatreon
One-Time Support: https://www.paypal.me/FCME801