Preparing for your CMMC Assessment is not just a matter of implementing toolsets to meet controls. A large part of the assessment deals with policies, procedures and how your business handles CUI and FCI. You’re busy running your business and may not have time to learn all of the ins and outs of CMMC, attend all of the town hall meetings and stay abreast of all the enhancements in the standard. This is why you need assistance from Summit! Our CMMC consultants are well-versed, trained and authorized by the AB to assist OSCs in their preparation for their official assessment.
I’m not part of the Defense industry, should I care?
For now, obtaining and maintaining a CMMC certification is only a requirement for Defense contractors, but many within the industry don’t expect that limitation to last long. Currently, CMMC is set to begin appearing as a requirement in Defense RFIs and RFPs as early as late Spring 2025.
Until recently, a broader Federal rollout was discussed as an eventual or 10-year timeline. That, however, has changed. We are now seeing the CMMC language in other federal contracts, including the most recent GSA STARS III contract. The new contract from GSA states it “reserves the right” to require CMMC certifications for small businesses awarded spots on the governmentwide IT contracting vehicle and “While CMMC is currently a DoD requirement, it may also have utility as a baseline for civilian acquisitions; so it is vital that contractors wishing to do business on 8(a) STARS III monitor, prepare for and participate in acquiring CMMC certification,” meaning that we could be seeing similar certifications and requirements rolled out through all federal agencies.
What do I need to do now?
The CMMC requirements only affect the defense industrial base. However, that doesn’t mean you should turn a blind eye to them. CMMC is based on NIST 800-171, which is a standard for all government FCI and CUI. CMMC is specifically focused on DoD; however, there has been movement on the CUI FAR Rule, which will most likely codify NIST 800-171 for all federal agencies. Becoming familiar with NIST 800-171 and its requirements is a proactive way to strengthen your compliance posture and position your organization advantageously for future regulatory demands.
With the rise in cybercrime and system attacks during the pandemic and a shift to a more remote and cloud-based workforce, establishing a more robust cybersecurity infrastructure is more important now than ever before. With the average loss to a company of $2.7 million that same year, properly securing your infrastructure, client data and intellectual property against a malicious attack could save your company millions in losses.
How can Summit help?
At Summit Business Technologies our team utilizes our 30+ years of experience to assist you in securing your organization’s data. Our team of cybersecurity and compliance consultants, including CMMC certified professionals and assessors, can help you prepare for your official CMMC assessment. With our vCSO services, we will be there to guide you through every step of the remediation process and continuing compliance.
If you would like to know more about our security team offerings, contact us at sales@summitbiztech.com or give us a call at 443-795-5112.