Cybersecurity Maturity Model Certification (CMMC) Readiness


Is your organization ready for the Cybersecurity Maturity Model Certification (CMMC) requirement that will start going into contracts in September 2020?  Although the accreditation body for the CMMC is still under development, it is expected to be established in January 2020 with certifications beginning to occur around April or May 2020.

Clients who undertake the process early will have a competitive advantage over those who delay their CMMC readiness. Specifically, they will have:

  1. Thorough and complete documentation packages ready for the certification on day one,
  2. Cybersecurity capabilities to identify, protect, detect, respond, and recover from threats, and
  3. Operationalized cybersecurity programs with optimized performance, cost and schedule acquisition criteria.

Sollievo IT, LLC has been helping clients assess and remediate cybersecurity controls in alignment with the NIST SP800-171 security recommendations that are required by the Defense Federal Acquisition Regulation (DFAR) Supplement 252.204-7012. This puts us in a unique position to help federal contractors who are performing, or seeking to perform, contracts for Department of Defense (DoD) agencies prepare for the upcoming Cybersecurity Maturity Model Certification (CMMC) requirement that will start going into contracts in September 2020.

CMMC Schedule and Timeline

As of this post (October 27, 2019) the accreditation body for the CMMC is still under development. It is expected to be established in January 2020 with certifications beginning to occur around April or May 2020. Katie Arrington, the Special Assistant to the Assistant Secretary of Defense for Acquisition, ASD(A) for Cyber, stated last week that Level 3 will require total compliance with the SP800-171 controls. We know that this can be a bit of a journey for many organizations as there are 110 controls in SP800-171, which decompose into 244 (CUI) + 63 (NFO) controls as mapped against the NIST SP800-53 catalog of security and privacy controls.

To that end, we want to highlight our NIST SP800-171 services, which assist organizations that are taking a proactive approach to CMMC accreditation. These services include thorough assessments of the organization’s current cybersecurity program against SP800-171 and implementation of policies, processes, procedures, and technology to provide the foundational cybersecurity that the CMMC is seeking to achieve.

We truly believe that our clients who undertake the process early will have a competitive advantage over those who delay their CMMC readiness. We also believe that implementing and maintaining a foundational cybersecurity posture is beneficial to any business that has not already done so.

