CMMC Readiness

Contact us for CMMC support.

The US Department of Defense has issued a mandate requiring all organizations doing business with the DoD to become certified to the new CMMC security framework. The Cybersecurity Maturity Model Certification (CMMC) is a next-generation program leveraging NIST SP 800-171 and other security best practices. The DoD has determined that these standards, and the previous policy of voluntary compliance, have been insufficient to protect sensitive information flowing through the defense industrial base (DIB). Too much critical data has been compromised.

Going forward, CMMC certification is required of all DoD contractors, and will involve third-party certification.

Needling Worldwide is on the front lines of this transition, and is already working with defense contractors to prepare for CMMC certification. The CMMC standard is in final draft form, and is expected to be formally published in early 2020. At the same time, DoD is in the process of accrediting certification bodies to conduct the official audits and issue certificates of compliance.

The standard will have five levels, from basic to advanced, reflecting how sensitive and complex DoD believes the project to be. Suppliers must be certified to the level specified in the DoD's request for information or proposal.

Small and medium-sized businesses will likely need the most help in preparing for and passing the CMMC certification audit.

NOTE: NIST SP 800-171 compliance is not a prerequisite for successful CMMC certification, nor is it a guarantee of it. CMMC has a broader set of requirements, and may be particularly challenging -- even for security-savvy organizations -- in areas of business process and policy documentation.