The Department of Defense has drafted a new standard called the Cybersecurity Maturity Model Certification. This standard will begin to replace NIST 800-171 on DoD RFIs and RFPs beginning in late-2020. The CMMC contains five levels, ranging from basic hygiene to state-of-the-art. Unlike NIST 800-171, the CMMC will not contain a self-attestation component. Every organization that does business with the Department of Defense will be required to undergo an audit by an authorized auditing entity before bidding on a contract or subcontracting to a prime. It seems like a lot, and it can be, but Matt Majot with Comply Up will be joining us to discuss the ways to survive CMMC, starting with understanding 5 steps.
Step 1: Understanding what you are up against
Step 2: Understanding where this came from
Step 3: Understand where CMMC is headed
Step 4: Understand what you can do to prepare now
Step 5: Understand you are not alone