Hello, Guest!

What is CMMC & What Does it Mean for Government Contractors?

The Department of Defense’s Cybersecurity Maturity Model Certification program is a set of cybersecurity standards created in 2019 to fortify the Defense Industrial Base against the increasing threat of cyberattacks and protect sensitive, unclassified information shared by the DOD and its contractors. 

CMMC incorporates these cybersecurity standards into the Defense Department’s acquisition programs to ensure that contractors and subcontractors are trusted and secure. However, in the three years since its inception, the program has undergone multiple reorganization efforts and updates, posing obstacles to companies looking to achieve compliance.

The program’s latest update, CMMC 2.0, was released in November 2021, following an internal review sparked by over 800 public comments on the program’s initial release. The updated framework clarifies policy, simplifies standards, reduces associated costs and gives contractors more time to comply with the new requirements.

Three months later, the program moved under the responsibility of John Sherman, a 2022 Wash100 Award winner, in the Department of Defense’s Office of the CIO.

“This is basic hygiene to raise the water level to make sure we can protect our sensitive data so that when our service members have to go into action, they’re not going to have an unfair position because our adversary’s already stolen key data and technologies that’ll put them at an advantage,” Sherman said of CMMC 2.0.

John Sherman is scheduled to keynote the 3rd Annual CIO Summit hosted by the Potomac Officers Club on Apr. 26. Spots are filling up fast for this in-person event – register today!

Now, in order to comply with new CMMC 2.0 requirements, over 8,000 companies will have to undergo third-party cybersecurity assessments, according to Deputy CIO for cybersecurity, David McKeown

However, although the updated framework allows contractors more time to comply, CMMC officials are urging companies to pursue their certification early.

“Don’t wait for this to be a requirement in your contract,” said Matthew Travis, CEO of the CMMC Accreditation Body. “Go ahead, engage in CMMC and get certified.”

To learn more about the implications of CMMC 2.0 and the future of the program, join the 2022 CMMC Forum hosted by the Potomac Officers Club on May 18.

Stacy Bostjanick, director of CMMC policy within the DOD’s office of the undersecretary of acquisition and sustainment, is scheduled to keynote the forum. Registrations are open now!

Video of the Day