Cybersecurity Maturity Model Certification (CMMC)

The Department of Defense under the Secretary of State has recently created the new CMMC (Cybersecurity Maturity Model Certification) program. This program was begun in response to the high amount of government contractors with access to CUI (Controlled Unclassified Information) who have not achieved DFARS (Defense Federal Acquisition Regulation Supplement) compliance.

What this means:

  • All government contractors and their suppliers with CUI data will now be required to comply with both DFARS regulations and CMMC accreditation.
  • The CMMC rating audit will be performed by specific, certified third-party auditors. The scale ranges from 1 as the lowest and 5 as the highest. To access CUI data, a 3 or 4 rating is generally required.
  • Starting in the Fall of 2020, RFP’s (Request for Proposals) will have the CMMC (Cyber Security Maturity Model) requirement. It will appear in at least 10 main net new contracts affecting 1500 businesses. These contracts have not been determined. The ranking attached to the contract will be determined during the RFI (Request for Information) process in the summer requirement. This means that, to acquire a level 3 CMMC contract, you will need to be certified at the same level.
  • SSP’s and POA&M’s will no longer be an acceptable deferment program for CMMC certification.

How F1 can help your business

F1 will become a fully certified CMMC auditor once the program training is released in the first quarter of 2020. For our managed clients, we will ensure your business is assessed by a separate authorized third-party at a reasonable cost, so you can achieve CMMC compliance promptly and stay ahead of your competitors.

For those that are not managed clients, we would like the opportunity to start our assessment partnership with you and your team.

Stay tuned to our blog for updates!

Essential reading: Office 365 and Microsoft 365 for commercial and government businessesRead Now