CMMC 


The Cybersecurity Maturity Model Certification (CMMC) is here. It is being rolled out in stages over the next five years to the 300,000 non-federal organizations that make up the Pentagon's supply chain. But organizations should not wait to prepare, especially since one aspect of CMMC requires evidence of a culture of cybersecurity.

 

Per the Office of the Under Secretary of Defense: 

  • The CMMC will review and combine various cybersecurity standards and best practices and map these controls and processes across several maturity levels that range from basic cyber hygiene to advanced. For a given CMMC level, the associated controls and processes, when implemented, will reduce risk against a specific set of cyber threats.

  • The CMMC effort builds upon existing regulation (DFARS 252.204-7012) that is based on trust by adding a verification component with respect to cybersecurity requirements.

  • The goal is for CMMC to be cost-effective and affordable for small businesses to implement at the lower CMMC levels.

  • Authorized and accredited CMMC Third Party Assessment Organizations (C3PAOs) will conduct assessments and issue CMMC certificates to Defense Industrial Base (DIB) companies at the appropriate level.

(https://www.acq.osd.mil/cmmc/index.html)

 

So, who's involved in the CMMC certification process?

STC is a Registered Provider Organization (RPO), which allows us to help SMBs and company owners embark on their CMMC journey. Discovery, education and remediation are just a few of the key takeaways our clients can count on. As outlined by the CMMC-AB, we engage with clients to complete a pre-assessment and then help as needed with the upkeep of their company's adherence to the cyber hygiene and culture requirement.
