General Manager, Quality Assessments Division
Akron, OHContact Aaron
What is CMMC? Who does it apply to? Why is it necessary? When does it become a requirement? How do you get started?
All good questions, ones that we will seek to answer below.
What is Cybersecurity Maturity Model Certification?
According to the Lockheed Martin website, CMMC is a new requirement for existing U.S. DoD contrators - "The CMMC is intended to serve as a verification mechanism to ensure appropriate levels of cybersecurity controls and processes are adequate and in place to protect controlled unclassified information (CUI) that resides on contractor / subcontractor networks."
Who does it apply to?
Defense contractors and subcontractors, anyone who is working with the U.S. Department of Defense.
Why is it necessary?
The U.S. DoD answered this succinctly in their memorandum on understanding Cybersecurity Maturity Model Certification: "CMMC has, and will remain a priority for the Department, and will safeguard our enterprise against cyber theft losses that cost our Nation $100 billion annually, and $600 billion worldwide, equating to 1% of global GDP."
When does it become a requirement?
Currently, the first version of the CMMC was released in January of 2020, with plans for Requests for Information to start in June of 2020, followed by Requests for Proposals to begin in September of 2020.
References and Additional Resources:
United States Department of Defense:
CMMC Accreditation Body or CMMC-AB