CMMC

Department of Defense (DoD) Cybersecurity

Maturity Model Certification (CMMC)

Overview

CMMC is a DoD certification process to measure a company’s ability to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). CMMC combines cybersecurity standards and maps these best practices and processes to maturity levels, from basic cyber hygiene to advanced/progressive.

All DoD contractors and subcontractors, regardless of their need to access sensitive information, will have their cyber acumen scored on a scale of 1 to 5. The Department of Defense will use the same scale to stipulate in solicitations the CMMC level required.

A CMMC Accreditation Body — a neutral third party that will maintain the standard for DoD –- was established to train and verify third-party cybersecurity certifiers who will conduct audits. Additional information regarding the CMMC Accreditation Body is available at https://www.cmmcab.org/.

All contractors and subcontractors, regardless of their need to access sensitive information, must be audited and scored.

Additional information regarding DoD’s CMMC is available at:

Department of Defense CMMC Information

Schedule

  • CMMC Version 1 released in January 2020
  • CMMC will be included in RFIs starting in Summer 2020
  • CMMC will be included in RFPs starting in Fall 2020

Supplier Impact

Certification of cybersecurity compliance will be required for suppliers to do business with Land Systems and the U.S. DoD. Certification of cybersecurity compliance is led by the Office of Under Secretary of Defense for Acquisition and Sustainment, and CMMC scores will be tracked by the DoD. Again, all companies will require a CMMC rating from 1 to 5, and DoD solicitations may restrict the use of suppliers below a specified CMMC level. In order for a supplier to process, store or transmit CUI, it must be certified at least at CMMC level 3.

Suppliers will be responsible for sourcing, conducting and reporting their CMMC audits via accredited third-party entities.

The CMMC Accreditation Body is developing the process for certifications. Refer to the “Organizations Seeking Certification” section of the CMMC Accreditation Body site for additional information: https://www.cmmcab.org/contractors.

Supplier Training Opportunities

Ohio State University Defense Supply Chain Cybersecurity Resiliency Seminar – focused on GD Land Systems /h4>

– January 19, 2021: Virtual

    Etiam magna arcu, ullamcorper ut pulvinar et, ornare sit amet ligula. Aliquam vitae bibendum lorem. Cras id dui lectus. Pellentesque nec felis tristique urna lacinia sollicitudin ac ac ex. Maecenas mattis faucibus condimentum. Curabitur imperdiet felis at est posuere bibendum. Sed quis nulla tellus.

    ADDRESS

    63739 street lorem ipsum City, Country

    PHONE

    +12 (0) 345 678 9

    EMAIL

    [email protected]