The good news for the vast majority of defense contractors and subcontractors is that they will not have to exceed Level 3 compliance for CMMC. Level 3 compliance is closely comparable to already-required NIST 800-171. For those that do need to meet Levels 4 or 5 (all levels of CMMC build upon one another), there […]
The short answer is yes — eventually. The interim rule for CMMC became effective on November 30, 2020. The interim rule will also require a Congressional Review. The DoD (Department of Defense) is rolling out CMMC (Cybersecurity Maturity Model Certification) compliance via contract requirements in a phased program. The DoD will specify the required CMMC […]
The advent of the Cybersecurity Maturity Model Certification (CMMC) requirement for defense contractors can look intimidating — and perhaps expensive– to many contractors. On the issue of cost though, there is good news on two fronts. The first is that achieving Level 3 CMMC compliance — the level that will be most commonly needed– will […]
CMMC compliance is not designed to be a one-size-fits-all system. CMMC offers five different levels of compliance and contract requirements will dictate what is required for a project. The levels rise in complexity and requirements from Level 1 through Level 5. Level 1 represents the same requirements as FAR 52.204-21, Basic Safeguarding of Covered Contractor […]
The Cybersecurity Maturity Model Certification regime from the Department of Defense is now a required threshold for defense contractors and contains five distinct levels of compliance. Compliance must be certified by a third party auditor — self-attestation isn’t enough — and there are five separate levels of compliance. Level III, the most common level that […]
Right now, the Department of Defense says that CMMC certifications will remain valid for three years. So, there will be a need for re-assessment and new certification at three year intervals. There is the possibility that this period for required renewals will change as DoD sees the system work in practice.