Here is a brief update on something called the Cybersecurity Maturity Model Certification (CMMC).  This is a game changer for government contractors dealing with DOD in either a prime or sub contracting capacity and goes into effect January 2020 (timeline below).  For those aware of the significance of CMMC, there is a true sense of urgency that they need to be implementing certain changes to their business now in order to be ready for Sept. 2020. This topic of cybersecurity requirements for government contractors (DOD, Federal and State governments), which is already extending to private sector supply chains, is only going to become more significant to small businesses in the months ahead.
CMMC Bullet Points:
  1. CMMC will require a third party, cybersecurity certification to validate the cybersecurity infrastructure of the company
  2. Will grade cybersecurity infrastructure on a scale of 1 to 5, 5 being the most stringent.
  3. All DOD contract awards will require at least a certification of 1 (increasing cyber strength depending on the level of information involved in the contract)
  4. Standards to be defined by January 2020
  5. Will require a company, Tier 1 and subs, to have the CMMC certification to match the level required on the solicitation prior to being awarded the contract
  6. Certifying companies will be trained and ‘certified’ by June of 2020.
  7. 300,000 DOD contractors will then need to be certified
  8.  Timeline:
    CMMC Rev. 1.0 to be released January 2020
    CMMC will be included in RFI’s starting June 2020
    CMMC will be included in RFP’s starting September 2020
A powerful webinar on the topic will be next Wednesday, the 23rd.  You can register at this website:
https://eresilience.com/cmmc-updates/
For additional updates on CMMC, go to this website:
By Mark Lupo, MBCP, SMP