CMMC Is An ‘Allowable Cost’

The advent of the Cybersecurity Maturity Model Certification (CMMC) requirement for defense contractors can look intimidating — and perhaps expensive– to many contractors.

On the issue of cost though, there is good news on two fronts.

The first is that achieving Level 3 CMMC compliance — the level that will be most commonly needed– will not require a huge amount of extra work if you are already NIST compliant (as you have been required to be).

The second piece of good news is that the DoD has classified CMMC expense as an ‘allowable cost,’ meaning the expense can be listed in a contract and billed to DoD. It’s a reimbursable cost.