- (443) 795-5112
- sales@summitbiztech.com
In 2020, the Department of Defense (DoD) rolled out CMMC and then the updated CMMC 2.0 in the fall of 2021. Under the new process the DoD no longer will accept self-attestations or “good faith efforts” toward meeting certain DFARS cybersecurity requirements.
To reduce risk to the defense supply chain, DoD has decided that any Organizations seeking certain certification levels must pass a third-party audit verifying compliance to the Cybersecurity Maturity Model Certification (CMMC).
Every organization that is paid as a result of a DoD contract must comply with the CMMC process, regardless of whether they handle sensitive data(CUI) or not.
However, not all organizations must pass the entire scope of cybersecurity requirements. To address the different levels of data sensitivity, CMMC will have 3 maturity levels, all based on controls from the NIST 800-171 standard. The levels range from basic to advanced cyber hygiene. It is up to each contractor to determine which CMMC level they need to obtain. The higher the level, presumably the stronger a contractor’s competitive advantage.
CMMC is the DoD’s plan to protect the defense infrastructure from continuous cyber threats. Once fully implemented OSCs will need to maintain their adherence to their CMMC level with yearly infrastructure reviews and regular audits or attestations. Failure to maintain compliance may cause the Organizations to lose their certification and possibly their contracts.
Summit Business Technologies is helping multiple contractors meet the NIST 800-171 cybersecurity standards on which CMMC is based. Our cybersecurity compliance experts are highly experienced in cybersecurity controls, and the steps and milestones necessary to achieve compliance.
Organizations that do, cannot provide products and services to DoD until the cybersecurity gaps are remediated and another audit is scheduled and passed. The first step toward compliance is a Gap Analysis to identify existing controls and areas of vulnerability.
