CMMC compliant by May 2023

Becoming CMMC Compliant by May 2023

If you are a manufacturing business or defense contractor working with the Defense Industrial Base (DIB), you have most likely heard a lot of talk about CMMC, the Cybersecurity Maturity Model Certification. Created in part by the Department of Defense (DoD) alongside other security entities, CMMC seeks to provide a standardized set of controls to secure organizations contracted by the federal government. This means that ANY organization working with, funded by, or receiving CUI or FCI from the Defense Industrial Base will have to comply with CMMC regulations.

Fortunately, the DoD has updated their timeline as to when we can expect CMMC 2.0 to be implemented. Is your organization prepared?

The Department of Defense recently revealed that it plans to issue an interim rule regarding the CMMC 2.0 framework by May of 2023. If approved, CMMC will begin to be implemented in DoD contracts by July 2023, roughly 60 days after the interim rule is published. The new CMMC 2.0 framework is made up of 3 levels: Foundational, Advanced, and Expert. The Foundational level will include the most basic security controls, such as MFA, password safety, security awareness training, etc. The Advanced level contains the 110 security controls outlined in NIST 800-171. These controls were designed by the National Institute of Standards and Technology (NIST) to protect controlled unclassified information (CUI). The Expert level of CMMC 2.0 is the most demanding level in this framework, requiring all previous controls to be followed alongside others.

In the past, many organizations receiving contracts were able to self-attest to their security posture. However, to ensure a greater sense of security, the DoD is requiring third-party audits conducted through C3PAOs (Certified Third Party Assessment Organizations) for most Level 2 contracts. For Expert level contracts, a team from the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) will perform audits to ensure the most classified information is being protected.

Sounds like a lot, right?

Well, that is because it is. Due to the global increase in ransomware attacks, as well as bad actors targeting critical infrastructure, it is more important now than ever to make sure the federal government and private sector are in step. This is why the DoD is focused on implementing this framework by May 2023: the sooner, the better.

So can your organization make the deadline? It depends on how far along the security path your organization is. If you are just beginning to take cybersecurity seriously, it will take much more legwork to implement all of these controls and standards by May. Luckily, some DoD contracts may allow organizations to implement a Plan of Actions & Milestones (POA&M). If an organization doesn’t meet the requirements for a contract, it can provide an outline of how it plans to mitigate any holes in its security. The downside is that these POA&Ms aren’t indefinite. All of them will have a deadline, and ignoring the problem cannot be a solution.

Is your organization on track to be compliant by May of 2023? If not, then contacting CorpInfoTech should be your next step. We can help assess your organization and get you on track to comply with any CMMC 2.0 requirements your organization needs. CorpInfoTech partners with organizations like NIST or the CIS Controls and contributes to many of the regulatory controls businesses will have to comply with in the future.

Let CorpInfoTech help you learn more about CMMC compliance!

CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. Corporate Information Technologies can help organizations quantify, create, refine, and mitigate the risks presented by business-threatening disasters in whatever form they may be disguised.
