Business losses due to cybercrime is expected to top $5 trillion by 2024 and the threat this poses to the Defense Industrial Base (DIB) is alarming. With over 300,000 businesses and organizations that make up the DIB, a cyber-attack could result in devastating losses of intellectual property and controlled unclassified information. The Office of the Under Secretary of Defense for Acquisition & Sustainment, along with the Department of Defense (DoD), created the Cybersecurity Maturity Model Certification (CMMC) to strengthen and align cybersecurity posture within the DIB supply chain.

The Cybersecurity Maturity Model Certification (CMMC) will be a requirement for all Department of Defense (DoD) contractors, sub-contractors and suppliers to bid on any RFPs beginning Fall 2020. While only a handful of DoD RFPs will initially require CMMC compliance the certification process is extensive and is best started well in advance.

Prepare for CMMC

Begin your CMMC preparation by understanding and identifying the CMMC maturity level your organization needs to fulfill your contract requirements as a certified supplier from basic to advanced. Once CMMC is fully implemented, ALL DIB businesses will be required to hold a CMMC certification prior to bidding.

The CMMC framework is based on maturity processes and cybersecurity best practices from multiple industry standards, including National Institute of Standards and Technology (NIST), along with recommendations from the DIB community and DoD.

A Gap Analysis is the first step in measuring your current security practices, policies and procedures against CMMC. Once gaps are defined a remediation plan should be developed for the organization to achieve the appropriate level of compliance. This process may include solution implementation & configuration, policy development and systems patching and configuration.

Many DIB organizations simply do not have the time or staff to accomplish this lengthy pre-certification process and may engage with trained cybersecurity professionals to assist with their CMMC roadmap with a CMMC Readiness Assessment. Only after completion of the CMMC Readiness Assessment is the DIB ready to schedule a CMMC Certified Assessment and receive CMMC Certification.

Have questions about CMMC? Our team of cybersecurity consultants are here to help.