Undoubtedly, as a DoD or government contractor, you’re beginning to hear more and more about CMMC Certification. CMMC currently only applies to DoD contractors. The broader security community, however, believes CMMC is the wave of the future and likely to be replicated across multiple Federal Agencies in the not-so-distant future.
If you are in the SMB category, like so many of us, and holding a Federal contract, either directly or through a Prime, you are likely wondering what your next steps should be. Most importantly, you want to know how much it is going to cost, now and in the future. The first piece of good news is that most of us only need to achieve Level 1 certification. Certification at this level can be achieved for less than $10,000.
That number may still be a heavy lift for some, particularly in light of our uncertain economy and, of course, COVID. More good news! For companies needing to boost their cybersecurity efforts in response to CMMC, there’s hope. The SBA and DOD have tried to provide assistance, where possible, to small business federal contractors. Your local Procurement Technical Assistance Center might have resources available, too.
If you are a manufacturer, there may also be grants available through MEPs (Manufacturing Extension Partnership Centers) run through the National Institute of Standards and Technology (NIST).
Finally, the DOD has announced that cybersecurity costs will be an “allowable cost” under DOD contracts, which could allow small business prime contractors the chance to recover some of the associated compliance costs.
Unfortunately, there are still a lot of “ifs,” “buts” and “maybes” when it comes to funding and costs for CMMC. Your best bet, then, is to find a company that guarantees certification for the lowest price possible.