Announced on June 13, 2019, the Cybersecurity Maturity Model Certification (CMMC) is the new approach by the Department of Defense (DoD) to create a unified cybersecurity standard and properly secure its supply chain and the Defense Industrial Base (DIB).
This means that, starting in 2020, companies will need to begin the journey towards CMMC compliance in order to conduct business with the DoD. It's estimated that between 2020 and 2026 all DIB organizations will become compliant with the new CMMC framework.
On March 18, 2020, the Office of the Under Secretary of Defense for Acquisition & Sustainment released version 1.02 of the standard.
The CMMC model was derived from Federal Information Processing Standards (FIPS) Publication 200 and NIST SP 800-171, and contains 17 domains.
Contractors will be evaluated based upon the implementation of actual technical controls in addition to their documentation and policies. These evaluations will lead to a level certification of 1 to 5, 5 being the most secure. The higher your company certifies, the more contracts you will be eligible to bid on.
Good Cyber Hygiene
Intermediate Cyber Hygiene
Basic Cyber Hygiene
GreyCastle Security can assist you in several different areas covered by the CMMC compliance requirements: