The CMMC Has Landed
We knew it was coming, and now it has
Starting the beginning of this year, the CMMC has begun to roll out for all contracting companies seeking to do business with the government.
What is it?
We have a fairly comprehensive break down of CMMC 1.0 here. However, suffice it to say that the Cybersecurity Maturity Model Certification or the CMMC is a set of standards that the government has had plans to implement as expectations for all contracting companies that seek to do business with the DoD. This Certification differs from previous cyber security efforts because there will be no self-assessment or attestment for the standards. Instead, there will be an independent assessing body that will review your policy and procedures to ensure compliance to the CMMC.
Does it affect me?
We know what you are thinking, does this affect me? The answer to that is, if you work within the contracting arena and have sought or seek to do business with the DoD then yes, these standards are something that you should seek to meet. However, the standards for levels 1-3 enforce policy and procedures that are important for almost all companies to implement.
What can I do?
According to the Federal News Network, Ellen Lord, the undersecretary of Defence for acquisition and sustainment, said at a press briefing that “Obviously this is a complicated rollout for industry, and we’re being realistic in terms of making sure we have pathfinder projects that we’ll implement, and then learn, get the feedback and go on.” This likely means that this will be a gradual roll out, in fact they are looking at 2026 before this reaches all DoD procurement contracts. However, keeping a good cyber security posture and maturity in today’s market is essential to keep your company and its assets as safe from external threats as possible.
The Bottom Line
The CMMC has started to roll out this year. This is an effort form the DoD to standardize all cybersecurity within contracting companies. This is an ongoing effort that we at JLGOV have been following closely and will post updates as we come across them.
About The Author
Randy Rice is a lifelong tech enthusiast with experience in company security compliance assessments. He has been with JLGOV since 2019.
Please report any corrections or typos/errors to firstname.lastname@example.org