In response to a series of high-profile breaches of DoD information, DoD’s newest framework and standard for cybersecurity: Cybersecurity Maturity Model Certification (CMMC).

What is the Cybersecurity Maturity Model Certification (CMMC)?

The CMMC will encompass multiple maturity levels that range from “Basic Cybersecurity Hygiene” to “Advanced”. The intent of the CMMC is to combine various cybersecurity control standards into one unified standard for cybersecurity.

All companies doing business with the Department of Defense will need to obtain CMMC.

Understanding CMMC

The Cybersecurity Maturity Model Certification (CMMC) will be a new requirement for existing DoD contractors, replacing the self-attestation model and moving towards third party certification.

How it will affect your organization?

All companies conducting business with the DoD must be certified. The maturity level required is based on each individual contract’s terms that the contractor intends to bin on with the DOD.

How can my organization become certified?

Certification processes are still in its development phases by the CMMC-AB and may be subject to change. However, under the current guidelines, your organization will coordinate directly with an accredited and independent third party commercial certification organization to request and schedule your CMMC assessment. Your company will specify the level of the certification requested based on your company’s specific business requirements. Your company will be awarded certification at the appropriate CMMC level upon demonstrating the appropriate maturity in capabilities and organizational maturity to the satisfaction of the assessor and certifier.

How to Prepare for the CMMC?

eTrepid advises focusing on what you are required to do today as the best approach to current and future compliance requirements. Nothing that has been proposed eliminates the requirement to implement NIST 800-171.

There is no easy way to achieve compliance with all 110 security requirements and CMMC is still an evolving model, but the most effective way to guarantee long term success is to make compliance a documented, automated outcome of day-to-day operation.

Additional CMMC Resources

There is no easy way to achieve compliance with all 110 security requirements and CMMC is still an evolving model, but the most effective way to guarantee long term success is to make compliance a documented, automated outcome of day-to-day operation.

Start Your Journey to Compliance


Sign Up to Receive Our Weekly CMMC related Cybersecurity Tips

No Catch. No Obligation.
Don't go on being misinformed or unaware about coming regulations that directly affect your business. Sign-up to receive cybersecurity tips as well as CMMC updates and notifications that will keep you ready to move forward. There is not catch and no obligation. Stay ahead of the hackers and gain an opportunity to receive 15 additional way to protect your business form a cyber-attack just by simply signing up.

Go to Top