If your business relies on Defense contracts, or if you are interested in working as a prime or sub-contractor for the DoD, you will have to meet a new compliance requirement; it is the Cybersecurity Maturity Model Certification (CMMC).

The CMMC model is designed to protect Federal Contract Information (FCI) that is by default in all federal government contracts and covered defense information, which is often technical information that is provided by the government or may be produced by the defense contractor. The model consists of five levels, with each higher level incorporating increasing levels of security.

The CMMC compliance certification will be a baseline requirement; with the appropriate certification level, there will be access to DoD contracts; without certification, a company will be deemed unqualified.

The CMMC requirement is now migrating across the Federal Government. An example is the current General Services Administration (GSA) $50 billion Streamlined Technology Acquisition Resource for Services (STARS) III solicitation. In the announcement, the GSA stated that it “reserves the right” to require CMMC certifications for small businesses prior to award.

Establishing these controls as an element of the business operations is good business sense, and it is common sense. The bottom line to the business owner will soon be, if you want to work in the Federal space as a prime or a sub, you will have to be certified at the appropriate CMMC level, or you won’t work in the Federal space.

171Comply is focused on providing policies and templates that provide the 80% solution in meeting the compliance requirements and supporting policies. What we do is assist you with tools and templates that reduce your costs and effort in meeting certification compliance. These tools also provide your company with a defensive strategy that reduces the likelihood of a successful cyber-attack and provides you a road map for incident response and recovery.