MCNTMA Valued Associate Member – The AME Group
Data Protection Experts for New DoD CMMC Requirement
What is CMMC?
In a nutshell, it is a way to understand how mature a company is with their security practices and to set standards for companies who work with the Department of Defense (DoD) to protect controlled unclassified information (CUI) and ultimately reduce the likelihood of a breach caused by those businesses. CMMC is currently in a draft version.
The U.S. DoD is working with the Defense Industrial Base (DIB) sector to enhance the protection of sensitive data – particularly Federal Contract Information (FCI) and CUI within the supply chain. The theft of hundreds of billions of dollars of intellectual property (IP) by malicious cyber activity threatens the U.S. economy and national security. These threats are estimated to cost the U.S. between $57 B and $109 Billion in 2016, and threats are only rising. The theft of IP is attributed to poor cybersecurity maturity and ineffective implementation of controls.
These guidelines combine various cybersecurity control standards (NIST, ISO, AIA and others) into one unified standard, but unlike NIST SP 800-171, the CMMC will implement five (5) levels and take into consideration to what extent your company practices the standards.
How will CMMC impact your business?
Starting June 2020, whether you are the contracting business or a subcontractor, you MUST obtain your Certification if you want to do business with the DoD. There are 5 levels of maturity, but not every type of contract requires the highest level. The level required will depend on the amount of CUI your company handles, even if you think it none. The required CMMC level will be contained in the L&M section of the Request for Proposals (RFP) making cybersecurity an “allowable” cost in the DoD contacts.
This will be implemented initially with only DoD contracts, but don’t be surprised to see it applied to other government entities. For additional details and contact info – https://www.theamegroup.com/cybersecurity-maturity-model-certification/