last changes: January 7th 2021
WHAT IS CMMC?
In an effort to simplify the requirements for Department of Defense (DOD) contractors, the DOD is in the process of rolling out a new cybersecurity framework standard called the Cybersecurity Maturity Model Certification (CMMC). This new umbrella standard includes requirements from NIST 800-171, the Federal Acquisition Requirements (FAR) document 52.204-21 and beyond. This new standard will replace NIST 800-171 on DoD RFIs and RFPs. Most organizations that do business with the DOD will be required to undergo an audit by an authorized auditing entity before bidding on a contract or subcontracting to a prime.
Here is a quick 3-minute summary of the CMMC for DOD contractors: CMMC Compliance – A Quick Overview.
CMMC IN MORE DETAIL
The CMMC consists of two factors, each with 5 maturity levels of certification:
The first factor is the processes: whether policies, standards, and procedures exist, with maturity levels ranging from Performed (Level 1) to Optimized (Level 5). The second factor is the practices, a checklist of cybersecurity items that range from Basic Cyber Security Hygiene (Level 1) to Advanced/Progressive (Level 5). To meet a specific level's requirements, organizations will be required to meet both the Process and the Practice requirements for that level. Companies that pass this certification process will receive a certificate that is valid for 3 years.
For a more detailed description of the 5 different levels and their respective requirements see CMMC Certification Levels.
The DoD will start rolling out contracts requiring CMMC certification in 2021. According to the current timeline, all contracts will have a CMMC compliance and certification requirement by 2026.
CMMC CERTIFICATION PROCESS
Here are some rough time estimates and a general overview of the CMMC Certification Process.
HOW WE CAN HELP
Due to our status as a CMMC Registered Provider Organization™ (CMMC-RPO), Ecuron can perform pre-assessment services, which include CMMC gap analysis, implementation help, and CMMC pre-assessments. We do not conduct the final Certified Assessments.
Depending on your current cybersecurity status as well as the CMMC Level you are required to achieve, implementation of the new standard will take several months. Starting now by implementing the likely requirements and cyber security best practices will save you valuable time and will get you ahead of the curve and competition.
We offer the following CMMC Services:
- CMMC GAP Analysis / CMMC Readiness Assessment
See where you stand and which areas you have to address to achieve compliance
- CMMC Consulting Service / CMMC Implementation Help / CMMC Pre-Assessment
Get help achieving compliance quickly and be ready for the CMMC certification audit (CMMC Assessment). We are at your side to provide a clear implementation path, help with documentation, recommend and implement suitable controls, monitor, and perform a pre-assessment prior to the final audit.