The Department of Defense is planning a phased rollout of CMMC requirements over the next several years. As CMMC requirements are issued on a per-contract basis, the phased rollout is defined as a steady increase in yearly prime contracts requiring a CMMC certification for contractors. The number of contracts scheduled to have CMMC requirements in […]
CMMC (Cybersecurity Maturity Model Certification) compliance is causing many defense contractors to feel overwhelmed. The cybersecurity space is filled with jargon, the model presents different levels of security for different vendors and there appear to be a lot of specific requirements. The first step is simply to figure out where you currently stand. And the […]
CMMC certification is a tiered system, with five levels of certification for contractors that are dependent on the CUI (Controlled Unclassified Information) and security considerations of various DOD projects that contractors will be working on. The question then arises from some contractors — if we don’t handle any CUI, is CMMC certification still necessary? The […]
CUI, or Controlled Unclassified Information, is a data designation used by the Department of Defense to refer to non-classified information that is nevertheless sensitive and requires adherence to certain security practices when handling it. To repeat, CUI is not classified information (and does not require as stringent security protocols). It is also not corporate intellectual […]
One of the key difference between NIST/DFARS compliance and CMMC compliance is that DOD has implemented stratified levels of compliance for CMMC. CMMC has five levels of compliance. CMMC compliance requirements will be stipulated in defense contracts. For most situations, Level 3 compliance will suffice for subcontractors — the first level that allows for handling […]
CMMC (Cybersecurity Maturity Model Certification) is the new standard for cybersecurity compliance for DOD contractors. The launch of CMMC has caused many conscientious contractors to ask a simple question: What about DFARS? Defense Federal Acquisition Regulation Supplement 252.204-7012 was initiated in 2016 to make sure defense contractors had sufficient cybersecurity protections in place. Contractors who […]