CMMC Update. Click to keep reading…

CMMC Update. Click to keep reading…

Since the writing of my first article on Cybersecurity Maturity Model Certification (CMMC) over a year ago, the program continues to gain momentum, although somewhat slower than initially anticipated. COVID-19 has caused delays in the accreditation of certified 3rd Party Assessment organizations, and government agency bureaucracy has contributed to the delayed rollout.

In the past four months, I have attended three virtual meetings hosted by customers that addressed CMMC. All three events were attended by several hundred participants. Here are some highlight items from those events:

  • As of November 30, 2020, contracts that stipulate DFARS 252.204-7012 require that the Contractor conduct and complete NIST 800-171 (CMMC predecessor) self audit for cyber-security.
  • The DoD has identified seven pilot programs/contracts that will require some level of CMMC compliance. (3) Navy contracts, (3) Air Force contracts and (1) Missile Defense contract. These contracts will be initiated in 2021.
  • Several civilian agencies and corporations are considering CMMC as a baseline for cyber-security.
  • The number of certified “3rd Party Assessment Organizations” is growing every week. These “C3PAOs” are the organizations that will be responsible for conducting CMMC audits at contractor sites. The limited number of these certified auditors has created a delay for contractor’s certification.
  • The CMMC Accreditation Body – www.cmmcab.org – is a tremendous resource which provides extensive information. On the “Marketplace” page there are over 2,500 companies and individuals listed that can assist with certification or consultation.
  • The current deadline for full compliance is still 2025. This date is likely to change if more C3PAOs cannot be brought online quickly.

Lupton Associates represents a variety of manufacturers that are currently in the process of implementing CMMC. Please reach out to any one of us if you have DoD contract requirements for CMMC.–Commentary provided by Tom Osso, Lupton Associates Business Development

No Comments

Post A Comment