ARE YOUR DOD CONTRACTS AT RISK?

If you're not CMMC certified, you won't be able to do business with the Department of Defense.

Image

WHAT YOU NEED TO KNOW

About CMMC 2.0

The Cybersecurity Maturity Model Certification (CMMC) program establishes a set of standards that over 300,000 organizations must meet to be eligible to bid on or renew contracts with the U.S. Department of Defense (DoD).

It is designed to protect sensitive unclassified information shared by the Department with its contractors and subcontractors. The program incorporates a set of cybersecurity requirements into acquisition programs and provides the Department increased assurance that contractors and subcontractors are meeting these requirements.

The framework has three key features:

  • Tiered Model: CMMC requires that companies entrusted with national security information implement cybersecurity standards at progressively advanced levels, depending on the type and sensitivity of the information. The program also sets forward the process for information flow down to subcontractors.
  • Assessment Requirement: CMMC assessments allow the Department to verify the implementation of clear cybersecurity standards.
  • Implementation through Contracts: Once CMMC is fully implemented, certain DoD contractors that handle sensitive unclassified DoD information will be required to achieve a particular CMMC level as a condition of contract award.

CMMC 2.0

In September 2020, the DoD published an interim rule to the DFARS in the Federal Register (DFARS Case 2019-D041), which implemented the DoD’s initial vision for the CMMC program (“CMMC 1.0”) and outlined the basic features of the framework (tiered model, required assessments, and implementation through contracts). The interim rule became effective on November 30, 2020, establishing a five-year phase-in period.

In March 2021, the Department initiated an internal review of CMMC’s implementation, informed by more than 850 public comments in response to the interim DFARS rule. This comprehensive, programmatic assessment engaged cybersecurity and acquisition leaders within DoD to refine policy and program implementation.

In November 2021, the Department announced “CMMC 2.0,” an updated program structure and requirements designed to achieve the primary goals of the internal review:

  • Safeguard sensitive information to enable and protect the warfighter.
  • Dynamically enhance DIB cybersecurity to meet evolving threats.
  • Ensure accountability while minimizing barriers to compliance with DoD requirements.
  • Contribute towards instilling a collaborative culture of cybersecurity and cyber resilience.
  • Maintain public trust through high professional and ethical standards.

LET US HELP YOU

Get CMMC Certified

Our cybersecurity experts can perform a comprehensive gap analysis and determine your current SPRS score, as well as work with you on a plan to resolve any areas of non-compliance. As a full-service I.T. firm, we can also implement solutions to address gaps so you are both compliant and ready for CMMC certification.

Assess Icon

Assess

We conduct a thorough gap analysis and compare your current network with the NIST SP 800-171 & CMMC requirements. This reveals areas to address for compliance.

Plan Icon

Plan

We prepare a System Security Plan (SSP) and Plan-of-Action & Milestones (POAM) based on the analysis. This serves as documented evidence to show you're working toward compliance.

Implement Icon

Implement

We help you implement the suggestions based on the POAM. The solutions can vary -- from something as simple as implementing multi-factor authentication to updating infrastructure.

hexagon shapehexagon shapehexagon shapehexagon shapehexagon shapehexagon shapehexagon shapehexagon shapehexagon shape

SCHEDULE YOUR ANALYSIS

With One of Our Experts

Name*
This field is for validation purposes and should be left unchanged.