Who Needs To Comply With CMMC 2.0 and When?

Who Needs To Comply With CMMC 2.0 and When?

Cyber crime waits for nobody. Cyber criminals are ready and willing to attack any organization that remains behind the curve. Unfortunately, some of the most lucrative hits for hackers are organizations partnered with the federal government. Federal contract information (FCI) and Controlled Unclassified Information (CUI) released by the government to its private contractors can be extremely detrimental in the wrong hands, which is why The Department of Defense developed The Cybersecurity Certification Maturity Model. The CMMC is a framework that seeks to develop standardized sets of practices and controls to help protect organizations from unwittingly releasing classified information entrusted to them.

CMMC 2.0 applies to any organization being contracted by the Defense Industrial Base (DIB)

Who needs to comply with CMMC 2.0? Anyone who works directly with the DIB must comply to some if not every level of the CMMC 2.0 model in order to handle certain types of CUI. Organizations that have access to FCI will only be required to comply with Maturity Level One(Foundational). Furthermore, any CUI will automatically require compliance at ML2(Advanced) while the federal contracting officer may specify the need for ML3(Expert) compliance depending on the situation.

Once again this applies to any organization working with the DIB regardless of the industry or size of the organization. If you believe that this may apply to your business you can contact CorpInfoTech to find out how you can get started.

However, if you are already aware of you need to comply to CMMC 2.0, your next question may be: by when do I need to become compliant?

The first model of CMMC has been fully depreciated in exchange for the current model CMMC 2.0. This second iteration consolidates the 5 levels of the first into 3: Foundational, Advanced, and Expert. This new model is still being developed and pending approval from various agencies, but the expected date to comply with CMMC 2.0 to be released for public comment is May 2023. The DIB hopes to being writing CMMC 2.0 into its contracts at this time as well.

Let CorpInfoTech help you learn more about CMMC compliance!

CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. Corporate Information Technologies can help organizations, quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised.

Comments are closed

Learn More
error: Alert: This Content is protected!