CMMC now appearing government-wide

Get CMMC Level 1 Certification guaranteed for $5,000

Breaking news! New Department of Defense contractor cybersecurity standards have appeared in a government-wide federal contract. This comes before language around the new program has officially landed in defense contracts. The Cybersecurity Maturity Model Certification (CMMC) was included in the General Services Administration’s $50 billion STARS III contract, posted earlier this week.

CMMC is the new set of cybersecurity certification standards to be implemented in all DOD contracts over the next five years. All contractors require a minimum of Level 1 certification.

Contact CyberOne for more information on CMMC and Certification options

CMMC Helpful Resources

CyberOne is pleased to provide you with some resources below to help you prepare for and implement CMMC Certification.

Get Certified:

Certification Resources

Useful Information:

CMMC Funding Support for DIBs

CMMC Certification Levels 1-5 explained

CMMC Certification: Where and When to Start

News Resources:

FedScoop – resource for articles and updates on CMMC, including funding sources, certification steps, and general information.

SmallGovCon – Legal news for small government contractors

Institutional Resources:

CMMC Main Oversight Body – The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD) provides regular

CMMC Accreditation Body National Conversation Series. These recorded presentations led by the CMMC Advisory Board

(NDISAC) The National Defense Information Sharing and Analysis Center – For information on CMMC implementation at all levels

(DIBSCC) The Defense Industrial Base Sector Coordinating Council

National Contract Management Association: NCMA

(NIST) National Institute of Standards and Technology

SMBs – Here are some funding sources to support CMMC Certification

Undoubtedly, as a DoD or government contractor, you’re beginning to hear more and more about CMMC Certification. CMMC currently only applies to DoD contractors. The broader security community, however, believes CMMC is the wave of the future and likely to be replicated across multiple Federal Agencies in the not-so-distant future.

If you are in the SMB category, like so many of us, and holding a Federal contract, either directly or through a Prime, you are likely wondering what your next steps should be. Most importantly, you want to know how much it is going to cost, now and in the future. The first piece of good news is that most of us only need to achieve Level 1 certification. Certification at this level can be achieved for less than $10,000.

That number may still be a heavy lift for some, particularly in light of our uncertain economy and, of course, COVID. More good news! For companies needing to boost their cybersecurity efforts in response to CMMC, there’s hope. The SBA and DOD have tried to provide assistance, where possible, to small business federal contractors. Your local Procurement Technical Assistance Center might have resources available, too.

If you are a manufacturer, there may also be grants available through MEPs (Manufacturing Extension Partnership Centers) run through the National Institute of Standards and Technology (NIST).

Finally, the DOD has announced that cybersecurity costs will be an “allowable cost” under DOD contracts, which could allow small business prime contractors the chance to recover some of the associated compliance costs.

Unfortunately, there are still a lot of “ifs,” “buts” and “maybes” when it comes to funding and costs for CMMC. Your best bet, then, is to find a company that guarantees certification for the lowest price possible.

Interested in CyberOne Certification? Contact us at: support@cb1security.com or find us here.

Here is what our customers say on Capterra

All you need to know: CMMC Levels 1-5

The CMMC model ensures that DoD Contractors meet the specific certification-level cybersecurity requirements for the data they are handling. There are five CMMC Certification levels, but this in itself is misleading. An estimated 75% of vendors will only need Level One Certification. 25% will need Level Two or Three, and only a small 5% will need Level Four or Five.

Which level is right for you? We explain each of the five levels below. You can also click here to jumpstart your certification process.

Level 1. “Basic Hygiene”

Level 1 covers 17 CMMC model requirements and those set forth in 48 CFR 52.204-21. Contractors looking to achieve a Level 1 status need to have basic cybersecurity controls in place. These include basic Asset Management, Authentication, and Access Controls, that is, frequent password changes, unique user accounts, and anti-virus software. Organizations in this category are more likely to deal with Federal Contract Information (FCI) rather than handling CUI. There is no requirement for a process maturity rating at this level; however, it’s something to consider.

Level 2. “Cyber Hygiene”

Level 2 is a transitional step to Level 3 and brings forward the need to implement NIST SP 800-171. This is due to an expanded scope from protecting FCI to protecting CUI. If you are already implementing NIST SP 800-171, then we recommend that you look for a solution to map your existing controls to CMMC and jumpstart your certification.

Level 3. “Good Cyber Hygiene”

Organizations seeking to gain Level 3 certification must demonstrate that they have implemented effective security controls and that they have the ability to protect CUI. This includes compliance with all security requirements of NIST 800-171 and DFARS Clause 252.204-7012. Effectively, Level 3 is demonstrated implementation of all Level One and Two policies and procedures. Demonstrating implementation requires continuous control monitoring. Your spreadsheet is not your friend here!

Level 4. “Proactive”

Level 4 covers proactive measures to safeguard CUI from Advanced Persistent Threats, often referred to as APTs. These are mostly nation-state sponsored threat actors who are highly dangerous to the nation’s security. Certification at this level requires compliance with 110 NIST 800-171 Requirements plus 46 other practices across all 17 domains of the CMMC model.

Level 5. “Progressive”

Level 5 is “optimization”. Certification automatically implies that the contractor meets all criteria set by the CMMC including all requirements at Levels 1-4. Organizations must have an advanced or progressive cybersecurity program in place.

For more information on how to get CMMC certified, email us at: support@cb1security.com or find us here.

Read what our clients say about us on Capterra