Home Resources Blog February 2020

DoD Releases CMMC v1.0

07 February 2020
If your company is currently working with or wants to work within the DoD area than you may want to follow along. The Department of Defense (DoD) announced on January 31, 2020 that the Cybersecurity Maturity Model Certification (CMMC) v1.0 has been released.

What is CMMC?

It is estimated that close to $600 billion is lost to cybersecurity crimes globally each year. A large portion of these crimes involve intellectual property (IP) theft which is directly attributable to weak cybersecurity program maturity and a lack of suitable controls amongst organizations.

Within the US Department of Defense, the sharing of Federal Contract Information (FCI) and Confidential Unclassified Information (CUI) throughout the Defense Industrial Base (DIB) greatly expands the cybersecurity risk for the DoD.

As such, the CMMC Program will help assess and enhance the cybersecurity posture of the Defense Industrial Base by outlining best practices and controls distilled from numerous cybersecurity standards into one simplified framework defining maturity levels ranging from basic cyber hygiene to highly advanced practices.

An organization’s CMMC journey will culminate with CMMC certification to one of five levels. CMMC will be rolled out in new DoD contracts within the coming years, beginning in late 2020 with several new DoD RFP’s affecting upwards of 1,500 organizations requiring CMMC certification. CMMC certification will be required prior to contract award, and prime contractors will be required to flow down CMMC requirements throughout their supply chain.

DoD plans to continue the several-year roll-out, with CMMC certification becoming a de facto requirement for all new contract awards. Many primes have already begun reaching out to their supply chain to raise the awareness of this fast-coming requirement.

CMMC Certification will be provided by independent audit bodies such as NQA starting in mid 2020. NQA has been an active participant in the development of the CMMC Program and stands well-positioned to provide CMMC audits as soon as certification is available; NQA will be sharing much information about the CMMC Program in the coming months.

Proactive organizations can request gap assessments to CMMC from NQA now and potentially get ahead of the curve.

What Now?

It is time to prepare for the changes to come. Take some time and read through the CMMC model here. You will have many questions and probably some concerns such as;

  • How will this affect my business?

  • Will my current DOD awarded contracts be in jeopardy if I am not compliant?

  • How much will this cost?

  • Who can help me with my third party audits?

  • How do I implement this standard?

Our team at NQA understands you will need help navigating this new mandatory standard. We are here to help. The time to start preparing is now. Call NQA today at (800) 649-5289 or click contact us and one of our CMMC experts will be in touch.