GOVERNANCE, RISK AND COMPLIANCE

CMMC

The Cybersecurity Maturity Model Certification (CMMC) is already taking the defense industry by storm. A three-level compliance standard from the U.S. Department of Defense, CMMC establishes the guidelines that your organization must adhere to in order to work on future DoD contracts. 

What Is CMMC?

A Brief Overview

The three-level system determines not only which specific Defense contracts your company can work on, but whether your company is eligible to work on Defense contracts at all. Sabre On Point can assist your company in preparing for CMMC, so you’ll be compliant and can bid on contracts.

The Cybersecurity Maturity Model Certification incorporates various cybersecurity standards and “best practices” that are mapped across several maturity levels, ranging from 1 (Foundational) through 2 (Advanced) to 3 (Expert), each building on the last.

Each level has associated compliance processes that, when implemented, will reduce risks against a specific set of cyber threats.

How Does It Work?

A Two-Entity Approach

Auditors: Independent auditors will conduct evaluations based on the desired CMMC certification level (1-3) and determine if the DoD contractor is compliant.

Department of Defense: The DoD will measure compliance with the DFARS and NIST requirements to ensure contractors are handling sensitive unclassified information properly.

CMMC Model 2.0

Level 1 Foundational

17 practices with an annual self-assessment.

Level 2 Advanced

110 practices aligned with NIST SP 800-171. Triennial third-party assessments for critical national security information; annual self-assessments for select programs.

Level 3 Expert

110+ practices based on NIST SP 800-172. Triennial government-led assessments.

Who Is Affected and How?

  • Teams and Subcontracting: Potential for Stricter Vendor Approval Processes With Larger Firms
  • Small Business Vendors and Start-Ups: Potential Barrier For Entry

Risks of Noncompliance

  • Pass/Fail Evaluation
    • Failure Bars You From Work on DoD Contracts.
    • A Low Score Limits Your Contract Availability.
  • All Primes and Subs MUST Have a CMMC Certification Prior To Contract Award.

What Major Challenges Are There?

  • Migration to Office 365 GCC High
  • SIEM Solutions
  • Backup Solutions
  • Managing Non-Supporting Hardware/Software
  • Identifying, Categorizing, and Labelling CUI

FREE CMMC ARTICLE

We Need to Go That Way!
Staying Competitive with Cybersecurity Maturity Model Certification Requirements