Cybersecurity Maturity Model Certification
Looking to Do Business with the Department of Defense? You Have to Get Certified!
By 2025, the Department of Defense (DoD) will require that all defense contractors submitting a bid on defense contracts will need to prove that they are certified in a basic level of cybersecurity standards.
The DoD designed the Cybersecurity Maturity Model Certification (CMMC) as a unified standard for defense contractors to address cybersecurity issues. Between 2021 and 2025, new DoD requests for proposals (RFP) will gradually begin requiring CMMC certification.
Within five years, every DoD contractor and supplier will need to be audited and certified by an approved third-party auditor. Preparing for this audit can take a company six months to two years. As such, many small and medium sized businesses grapple with finding the proper staff and financial resources it takes to ensure they’re meeting security regulations.
Pennsylvania is the 7th largest state in defense in DOD contract awards. The DoD is a massive government buyer, and defense suppliers need assistance to maintain and grow their share of the business. Specifically, the PA Industrial Resource Centers (IRCs) will increase their services to help defense suppliers make progress towards the Cyber Security Maturity Model (CMMC). The IRCs are assisting companies with developing a draft of their System Security Plan as well as a Plan of Action and Milestones to provide direction for closing gaps as they prepare for their CMMC audit.
Catalyst Connection recently published a no-cost eBook: CMMC – What You Need to Know. The guide to CMMC describes the key steps companies should take to prepare for certification – and important dates to remember along the way. There are five levels to CMMC, and some contractors will want to obtain a higher level than others. At a minimum, all contractors are required to obtain Level 1 certification. The guide goes into further detail about what obtaining each level means for your organization.