The Cybersecurity Maturity Model Certification (CMMC) is a new set of cyber security guidelines that will replace NIST 800-171 on DoD contracts. The CMMC guidelines are partially derived from NIST 800-171 and add controls from other standards such as ISO, FedRAMP, and various NIST frameworks, along with many other regulations. Together these create five levels of ‘CMMC Certification’, each reflecting the cyber security compliance level that a contractor will need to attain for a particular DoD and/or U.S. Federal Government contract. CMMC also requires a third-party audit in order to achieve “official CMMC certification”.
The DoD plans to release version 1.0 of CMMC in January 2020. This leaves contractors just six months to prepare before CMMC starts appearing in Requests for Information (RFIs) in June 2020.
What can you do now to prepare?
- Step one is to get NIST 800-171 documentation out of the way. This will help with mapping those security controls and keep you compliant with the current DFARS clause.
- The second step is to map your 800-171 assessment to the CMMC requirements once they’re released in early 2020. The mapping will show you where the gaps are, so you can plan and implement solutions to address them.
- The third step is to find an authorized third-party Managed Security Service Provider (MSSP), such as TestPros, to audit your CMMC assessment and give you a certification for the level you need. TestPros already provides exactly these independent security auditing services for our customers using the existing 800-171 security guidelines.
For many DoD contractors, the most effective way to meet the CMMC cyber security requirements is to outsource the task to a Managed Security Service Provider (MSSP) that specializes in CMMC Consulting. We can help:
- Conduct a pre-assessment for CMMC
- Develop an SSP and POA&M
- Implement the NIST 800-171 requirements
- Prepare for and pass an upcoming CMMC audit
If you want to gain a competitive advantage, consider being first in line to achieve the highest CMMC Level that lines up with your business objectives.
Contact us to learn more today!
For more information on TestPros CMMC MSSP services, please contact us.