Getting CMMC Certified in San Jose, California (CA)
The Cybersecurity Competence Model Certification (CMMC) is the current form of testing developed by the Defense Department (DoD). This credential is the Department's first effort to create specific cybersecurity criteria for contractors. The CMMC’s overall goal is to enforce an appropriate degree of protection throughout the defense industrial base (DIB) supply chain. The DIB supply chain includes more than 300,000 businesses, many of which are liable under the CMMC for the security of Controlled Unclassified Information (CUI).
The US DoD agrees that the protection of intelligence is a fundamental necessity for the Defense Industrial Base (DIB) supply chain. As such, the US DoD is dedicated to establishing and implementing a standardized cybersecurity framework for defining the necessary protection policies and controls via the DoD Acquisition phase beginning in late 2020. CMMC must identify 5 cybersecurity preparation standards and will be used on the DIB supply chain for all US DoD contracts. About 300,000 DIB employees are expected to be impacted during the 3 to 5-year roll-out, with most seeking a Level 1 or Level 3 qualification.
The various types of CMMC provide growing rates of activities focused on Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). Those rates are focused on the vulnerability of the security details and the corresponding spectrum of risks to be faced. The procedures and methods come from numerous global guidelines and structures on safety, including ISO 27001 and NIST 800-171, among others.
How will it affect you today?
CMMC will not be used instantly for all contractors and will be phased in starting in September 2020 for some DoD-identified contractors. The CMMC is compulsory for any level because it is completely operational for all entities that conduct business with the DoD. Prime contractors and their subcontractors will be required to meet both of CMMC's five trust levels, proving through independent testing practices that the security has been adequately extended. The final award or continuance of a DoD contract will be dependent on CMMC approval. Only contracting agencies will be allowed to view or share DoD information related to programs and projects after meeting the CMMC procedure. They ought to reach CMMC at the moment when a project contract is going to be reviewed.
In January 2020, the CMMC will provide a checklist for contractors that will allow them to determine how effectively they currently operate in the program, and to aid in the planning and implementation of security maturity operations. The CMMC will be included by mid-2020 as part of Information Requests (RFIs) and is expected to be used in Program Requests (RFPs) by the end of 2020. Within the L & M portions of the RFPs, the correct degree of CMMC compliance will be defined, rendering cybersecurity an “allowable cost” within DoD contracts.
It uses a two-entity approach
Professional auditors will perform reviews focused on the required standard of CMMC approval (1-5), which can assess whether the DoD contractor complies.
The DoD must assess conformity with the standards of DFARS and NIST and ensure that contractors can manage confidential unclassified material.