Cybersecurity Maturity
It's Just a Process
-
What is CMMC and why is it so critical?
-
How will local PTACs help?
-
How can CEOs lead the way?
-
What is required for Level 1 compliance?
Use this Department of Defense template to determine your compliance with NIST SP 800-171 requirements.
MEET OUR EXPERT PANEL
- Katie Arrington | DoD CISO
- Stacy Bostjanick | DoD CMMC Director
- Sherry Savage | DLA PTAP Program Manager
- Vibhaa Vermani | Chitra Productions CEO
- Katherine Deming | CISSP
THE DISCUSSION
- Why is DoD pushing CMMC out to industry?
- What is CMMC exactly and what are the multiple levels?
- What role will PTACs play in supporting industry?
- Learn about one CEO's commitment to CMMC compliance
- First Things First – Achieve CMMC Level 1 with ease
CMMC | Cybersecurity Maturity Model Certification
CMMC is the easy acronym for Cybersecurity Maturity Model Certification, the DOD’s verification mechanism designed to protect Controlled Unclassified Information (CUI) residing on the Defense Industrial Base (DIB) networks. CMMC encompasses multiple maturity levels ranging from “Basic Cyber Hygiene” to “Advanced / Progressive Cyber Hygiene.” Each level is designed to safeguard the federal government’s assets and information from cyber-attacks through direct or indirect DoD suppliers.
Maturity Level Processes
Each CMMC domain has nine standard Processes that detail the maturity of institutionalization for the practices.
Capabilities
Each CMMC practice is aligned to a Capability, which in turn are aligned to a Domain.
In total, across all five (5) CMMC levels, there are eighteen (18) Domains, eighty-five (85) Capabilities, and three hundred and seventy (370) Practices.
Summary (eBook)
Neil McDonnell wrote this eBook to help small business leadership quickly and easily understand the DoD's CMMC requirements. In CMMC Made Easy, he has created easy-to-understand and natural groupings of the official lists to make the information easier to follow.
"It's just a process."
Every business selling to the Department of Defense (DoD) or any of the services must have a Cybersecurity Maturity Model Certification (CMMC) Level 1 or higher.
All federal prime-contractors, subcontractors and suppliers will need to meet this requirement. Without the required certification, you will not be able to sell to the federal government.
DoD expects to include requirements related to CMMC in Requests for Information (RFIs) or Source Sought notices by the summer of 2020. By the Fall of 2020, DoD expects to include specific language in all Requests for Proposals (RFPs).
Where DoD goes, others will follow. We expect other agencies that do not already have something like CMMC, to adopt CMMC into their acquisition requirements. It is not unrealistic for federal contractors and suppliers to see CMMC as a requirement across any agency by 2021.
REFERENCES
- Draft CMMC Model Rev 0.4 Release & Request For Feedback (September 2019)
- CMMC Draft Model Version 0.4 (August 30, 2019)
- Securing the Supply Chain (presentation by Katie Arrington, HQE Cyber for ASD (A)
- November 2019 | Updated Draft CMMC Model v0.6 PDF
