Can Your Organization Meet the New CMMC?

September 21, 2020

What is CMMC?

The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity across the defense industrial base (DIB). CMMC builds on DFARS Clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, by adding controls beyond those contained in National Institute of Standards and Technology (NIST) SP 800-171 Rev 2. It also removes the self-attestation component and replaces it with an audit performed by an authorized auditing entity.

Who does it apply to?

CMMC applies to Department of Defense (DoD) contractors and their sub-contractors that have Controlled Unclassified Information (CUI) data within DIB systems. This includes all suppliers at all tiers along the supply chain, small businesses, commercial item contractors and foreign suppliers.

What do I need to do to comply?

The CMMC establishes five certification levels that reflect the maturity and reliability of a company’s cybersecurity infrastructure to safeguard sensitive government information on contractors’ information systems. The five levels are tiered and build upon each other’s technical requirements. Each level requires compliance with the lower-level requirements and institutionalization of additional processes to implement specific cybersecurity-based practices.

In addition, organizations will need to develop policies, standards, and procedures by having a Written Information Security Program (WISP) aligned to the organization's applicable CMMC level controls. They will also need a System Security Plan (SSP), which outlines the systems containing CUI, and a Plan of Action & Milestones (POA&M) for identified risks and remediation activities associated with CUI systems. The SSP and POA&M are key artifacts a CMMC auditor will request to understand the level of compliance within the CUI environment.

How can Dewpoint help?

We have experienced cybersecurity consultants to perform an initial evaluation of where your organization falls within the CMMC certification levels and provide recommendations to move up the scale.
