The Cybersecurity Maturity Model Certification (CMMC) is a new set of cyber security guidelines that will incorporate existing NIST SP 800-171, DFARS 7012, and Federal Contract Information safeguarding and handling requirements.
Solicitations issued by the Department of Defense are soon to include requirements for CMMC compliance. By 2025, all DoD solicitations and contracts will require CMMC compliance.
What is CMMC?
The CMMC guidelines are partially derived from NIST SP 800-171, with additional controls drawn from other standards such as ISO, FedRAMP, various NIST frameworks, and many other regulations, combined to create five levels of ‘CMMC Certification’.
The different CMMC levels reflect the degree of safeguarding required, based on the sensitivity of the controlled unclassified information and/or federal contract information being handled by an organization, and determine the cyber security compliance level that a contractor will need to attain for a particular DoD and/or U.S. Federal Government contract.
CMMC also requires a 3rd party audit in order to achieve “official CMMC certification”, based on an assessment by a CMMC Third-Party Assessment Organization (C3PAO); C3PAOs are vetted and overseen by the CMMC Accreditation Body (CMMC-AB).
What can you do to prepare for CMMC?
- Step one is to get NIST SP 800-171 documentation out of the way. This will help with mapping those security controls and keep you compliant with the current DFARS clause.
- The second step is to map your NIST SP 800-171 assessment to the CMMC requirements. This will also inform you of the gaps found during mapping and allow for planning and implementation of solutions to address these gaps.
- The third step is to find an authorized 3rd party Managed Security Service Provider (MSSP), such as TestPros, to audit your CMMC assessment and certify you for the level you need. TestPros already provides the same independent security auditing services for our customers using the existing NIST SP 800-171 security guidelines.
For many DoD contractors, the most effective way to meet the CMMC cyber security requirements is to outsource the task to an MSSP that specializes in highly regulated environments. TestPros can help:
- Conduct a pre-assessment for CMMC
- Develop an SSP and POA&M
- Implement the NIST SP 800-171 requirements
- Prepare for and pass an upcoming CMMC assessment
- Provide managed information system, compliance, and security services
If you want to gain a competitive advantage, consider being first in line to achieve the highest CMMC Level that aligns with your business objectives.
For more information on TestPros CMMC MSSP services, please contact us.