What Is the Cybersecurity Maturity Model Certification (CMMC)?

The CMMC is an upcoming requirement for all DoD prime contractors and subcontractors.

1. New Requirement

A new requirement for existing DoD contractors, replacing the self-attestation model (DFARS) and moving towards third-party certification.

2. Certification

The certification will be built on existing requirements such as NIST SP 800-171, NIST SP 800-171B, NIST SP 800-53, ISO 27001, ISO 27032, AIA NAS9933, private sector contributions, and input from academia.

3. Defense Industrial Base

This new certification will ensure that any existing problems within the Defense Industrial Base (DIB) are covered and secured.

4. 5 Levels

It will consist of 5 levels to measure the cybersecurity practices of contractors. The CMMC will encompass multiple maturity levels that range from “Basic Cybersecurity Hygiene” to “Advanced”. The intent is to identify the required CMMC level in RFP sections L and M and use it as a “go / no go decision.”

5. DoD RFPs

DoD RFPs will have requirements in sections L and M dictating the CMMC level that a contractor needs in order to bid. Your company, as a potential DoD prime or subcontractor, will need to have been certified at the appropriate CMMC level.

Why Is The CMMC Being Created?

1. Attacks Keep Happening

Attacks keep happening against DIB partners, and hacker attention has turned to the smaller contractors for access to the prime contractors.

2. Assess and Enhance

The DoD is planning to migrate to the new CMMC framework in order to assess and enhance the cybersecurity posture of the Defense Industrial Base (DIB).

3. Cyber Resiliency of DoD Contractors

The CMMC will serve as a verification mechanism to ensure that appropriate levels of cybersecurity controls and processes are adequate and in place to protect controlled unclassified information (CUI) that resides on the Department’s industry partners’ networks.

What You Need to Do

If your company conducts business with the DoD, then you must be certified. CMMC is still in draft and less than 12 months away, so it is important to start implementing the NIST 800-171 and Draft-CMMC 0.7 security requirements now. Implementing the NIST 800-171 requirements includes:

Inceptus Can Help You Become CMMC Ready.

  • Perform Detailed Assessment
    Perform a detailed assessment to determine your compliance level, with detailed remediation actions to comply with DFARS/CMMC requirements.
  • Develop Plans to Address Gaps
    We develop the required Systems Security Plan (SSP) and Plan of Action & Milestones (POA&M), so you can provide documented evidence to the DoD or your Prime that you’re on your way towards compliance.
  • Develop Customized Threat Detection and Protection Plans
    Inceptus Protection Plans are designed to fill the gaps exposed in your assessment. We bring the fundamentals back to cyber and blend them with bleeding-edge processes and technologies to detect, deter, defend, respond and recover from threats anywhere in your business ecosystem.
  • Implement Security Framework
    Successfully implement the security controls and requirements in NIST SP 800-171, NIST SP 800-171B and CMMC 0.7 and provide evidence for a successful audit.
