Are you ready?
The Cybersecurity Maturity Model Certification (CMMC) is already taking the defense industry by storm. A new, three-level compliance standard from the U.S. Department of Defense, CMMC establishes the guidelines that your organization must adhere to in order to work on future DoD contracts.
What Is CMMC?
A Brief Overview
The three-level system determines not only which Defense contracts your company can work on, but whether your company is eligible to work on Defense contracts at all. Sabre On Point can assist your company in preparing for CMMC, so you’ll be compliant and can bid on contracts.
The Cybersecurity Maturity Model Certification incorporates various cybersecurity standards and “best practices” that are mapped across several maturity levels: 1 (Foundational), 2 (Advanced), and 3 (Expert), each building on the last.
Each level has associated compliance processes that, when implemented, will reduce risks against a specific set of cyber threats.
How Does It Work?
A Two-Entity Approach
Auditors: Independent auditors will conduct evaluations based on the desired CMMC certification level (1-3) and determine if the DoD contractor is compliant.
Department of Defense: The DoD will measure compliance with the DFARS and NIST requirements to ensure contractors are handling sensitive unclassified information properly.
CMMC Model 2.0
Level 1 Foundational
17 practices with an annual self-assessment.
Level 2 Advanced
110 practices aligned with NIST SP 800-171. Triennial third-party assessments for critical national security information; annual self-assessments for select programs.
Level 3 Expert
110+ practices based on NIST SP 800-172. Triennial government-led assessments.
Who Is Affected and How?
- Teams and Subcontracting: Potential for Stricter Vendor Approval Processes With Larger Firms
- Small Business Vendors and Start-Ups: Potential Barrier For Entry
Risks of Noncompliance
- Pass/Fail Evaluation
- Failure Bars You From Work on DoD Contracts.
- A Low Score Limits Your Contract Availability.
- All Primes and Subs MUST Have a CMMC Certification Prior To Contract Award.
What Major Challenges Are There?
- Migration to Office 365 GCC High
- SIEM Solutions
- Backup Solutions
- Managing Non-Supporting Hardware/Software
- Identifying, Categorizing, and Labelling CUI