Department of Defense (DoD) Finalizes CMMC for Government Contractors (Federal Computer Week)

According to an article in Federal Computer Week (Pentagon finalizes CMMC standard for contractors), the Pentagon has released the official version 1.0 of the Cybersecurity Maturity Model Certification (CMMC) standard that Department of Defense (DoD) contractors must start to meet in the fall of 2020 and all will need to meet by 2026.

Here are some key facts you need to know:

On January 31, 2020, the Pentagon released its official version (1.0) of its unified cybersecurity standard that all contractors must meet by 2026.
The Cybersecurity Maturity Model Certification (CMMC) will apply to any company that does business with the Department of Defense. CMMC applies to contractors and subcontractors.
Ellen Lord, Under Secretary of Defense for Acquisition and Sustainment, indicated that CMMC will be complex, which is why there is a five-year timeline.
Katie Arrington, Chief Information Security Officer for Defense Acquisition, said that the DoD plans to release 10 Requests for Information and 10 Requests for Proposal in 2020 that will include CMMC. Certification will be required of contractors and subcontractors when the contract is awarded.

DoD Has Concerns for Small Businesses

One of the issues that exists within the DoD and the business community is how small businesses will be able to meet the standards. Undergoing an assessment is one step in the process. Businesses that are not in compliance with the new standards will have to make changes which could add significant costs.

Here are some key takeaways from the article in Federal Computer Week:

Small and mid-sized businesses should gather information on how to work within the DoD’s framework. One step is to contact the DoD’s industry policy team, which will be able to connect businesses with CMMC experts. A second option is to work within industry associations. A third is to look at resources being offered by prime DoD contractors, many of whom are starting to release guidelines.
Understand the framework of the CMMC guidelines, which closely resemble the existing NIST Cybersecurity Framework.
Companies should look for ways now to assess their cybersecurity status and whether or not they have the right processes and personnel in place.

The Federal Computer Week (FCW) story can be read here: Pentagon finalizes CMMC standard for contractors

About the Author: Michael Hackmer

Michael Hackmer is part of the ISMS strategic team focused on cybersecurity. At ISMS Applications, our mission is to provide technology that cost effectively automates the building and maintenance of compliance policies for the small to medium sized business (SMB) market, fostering security across the entire supply chain.

Department of Defense (DoD) Finalizes CMMC for Government Contractors (Federal Computer Week)

Department of Defense (DoD) Finalizes CMMC for Government Contractors (Federal Computer Week)

Share This Story, Choose Your Platform!

About the Author: Michael Hackmer

Related Posts

CMMC Is Here, But NIST 800-171 Isn’t Going Away Anytime Soon

Who Pays For CMMC Certification? What Will It Cost?

Survey Finds DoD Contractors Know Little About Cybersecurity Standards / CMMC (FedScoop)

Experts Discuss the Cybersecurity Maturity Model Certification (CMMC) Impact On Suppliers, Part 2

Experts Discuss the Cybersecurity Maturity Model Certification (CMMC) Impact On Suppliers, Part 1

Is Your Company A DoD Contractor?

Are you a contractor for the DoD and want to learn more about the new requirements under CMMC?Visit ISMS Applications CMMC or Exostar CMMC for more information.

Are you a contractor for the DoD and want to learn more about the new requirements under CMMC?
Visit ISMS Applications CMMC or Exostar CMMC for more information.