A wave of change is coming from the Department of Defense, and this wave may just be a tsunami hitting the foundation of your business. A company's behavior around cybersecurity, together with its controls, practices and processes, determines its cybersecurity maturity Level (1-5) rating. Level 1 represents Basic Cyber Hygiene, and Level 5 represents optimized processes and security and control practices that are advanced and proactive. The CMMC Level rating will determine a business’ eligibility to bid on or retain certain contracts. The CMMC now replaces existing self-certification models under the Defense Federal Acquisition Regulation Supplement (DFARS).
The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity across the more than 300,000 companies in the defense industrial base (DIB) supply chain. The CMMC has been in development for a few years, but the first details on the framework were released at the end of January 2020. We anticipate there will be ongoing modification of CMMC in the coming months or years. At this point, the process for becoming a certified CMMC auditor is unclear. To the best of our knowledge, there are presently no certified CMMC auditors.
Are you looking for guidance with CMMC self-certification and rating? BostonCOMPLY meets the published provisional requirements as currently available to satisfy these demands. BostonCOMPLY intends to pursue certification as soon as the process is defined and training and exams are available. If your business is equipped to conduct the CMMC self-certification for your initial CMMC compliance rating, you may want to consider using the BYU.org tool set.
However, if you require the professional guidance and expertise to properly conduct the CMMC self-certification, or end up with an unacceptable score, BostonCOMPLY is ready to help with our Practical Compliance Automation™ offerings.