Cybersecurity Maturity Model Certification (CMMC)

The Department of Defense under the Secretary of State has recently created the new CMMC (Cybersecurity Maturity Model Certification) program. This program was begun in response to the high amount of government contractors with access to CUI (Controlled Unclassified Information) who have not achieved DFARS (Defense Federal Acquisition Regulation Supplement) compliance.

What this means:

  • All government contractors and their suppliers with CUI data will now be required to comply with both DFARS regulations and CMMC accreditation.
  • The CMMC rating audit will be performed by specific, certified third-party auditors. The scale ranges from 1 as the lowest and 5 as the highest. To access CUI data, a 3 or 4 rating is generally required.
  • Starting in the Fall of 2020, RFP’s (Request for Proposals) will have the CMMC (Cyber Security Maturity Model) requirement. It will appear in at least 10 main net new contracts affecting 1500 businesses. These contracts have not been determined. The ranking attached to the contract will be determined during the RFI (Request for Information) process in the summer requirement. This means that, to acquire a level 3 CMMC contract, you will need to be certified at the same level.
  • SSP’s and POA&M’s will no longer be an acceptable deferment program for CMMC certification.

How F1 can help your business

F1 Solutions is happy to act as your trusted advisor for all things CMMC. We are able to consult on Gaps that exist in your environment based on current CMMC and DFARS controls. We are able to advise you on remedial actions and provide the products and services to help meet controls from these regulations and standards. No one is an expert in CMMC right now since the program is still so new and being developed. However, F1 is making huge efforts to stay up on the latest information coming from the CMMC group and the accreditation board. We have already reached out to several industry partners who’s intent is to become a C3PAO auditor and are working through some logistics at this point. If F1 is not able to certify clients that we have a consulting relationship with, then we will be able assist and identifying the right third party partner to work with.


Free Consultation

CMMC Newly Announce Changes

Here in summary are 3 new realities we must face in the next few years due to these new CMMC announcements:

Bifurcation Is Dead, Back to Third ...

Read more

November CMMC Update

Here are the latest insights into CMMC (2.0):
For most of this year, the DoD, CMMC-AB, and defense contractors were all holding their breaths while the ...

Read more

State of CMMC

Hello all,

I wanted to update you all on the current state of CMMC. My sources have been validated and come from not only those on the AB board but ...

Read more

CMMC State of the Union

Current timeline:
Here are our best guesses at the CMMC timeline today.

Very soon: CMMC Scoping Guide will be released by DoD. This should give ...

Read more

Need help finding ways to reduce business costs? Our FREE eBook has the answer.Learn more here