Is your organization ready for CMMC 2.0?
By Ann Collins, Executive Vice President of LearnSpectrum
Cybersecurity is critical these days. Nowhere is this truer than in our national security. It’s why the Department of Defense requires Cybersecurity Maturity Model Certification (CMMC) for its contractors. There is a lot of information out there about CMMC and its latest incarnation, CMMC 2.0. As an executive of an organization that works closely with defense contractors, I wanted to distill the information down to the key points and provide resources for further research.
If, after reading this blog, you or your organization has any questions or would like to know more about how we can help you with other training or learning needs, feel free to email me at acollins@learnspectrum.com – I’d love to talk to you!
What is CMMC?
The Cybersecurity Maturity Model Certification (CMMC) is a comprehensive framework to protect the defense industrial base’s (DIB) Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) from frequent and increasingly complex cyberattacks.1 By incorporating cybersecurity standards into acquisition programs, CMMC provides the Department of Defense (DoD) assurance that contractors and subcontractors are meeting the DoD’s cybersecurity requirements.
CMMC has been around for some time but was recently updated to a “2.0” version to ensure accountability for companies to implement cybersecurity standards while minimizing barriers to compliance with DoD requirements.
CMMC 2.0 measures the implementation of cybersecurity requirements at three levels:
- Level 1 Foundational – Encompasses the basic safeguarding requirements for FCI specified in FAR Clause 52.204-21
- Level 2 Advanced – Encompasses the security requirements for CUI specified in NIST SP 800-171 Rev 2 per DFARS Clause 252.204-7012
- Level 3 Advanced – Requires standardized, optimized, and enhanced processes to respond to the ever-changing and sophisticated tactics of APTs (Advanced Persistent Threats).
Who needs to be certified?
Contractors must achieve certification before they can win future government contracts.
By when does your organization need to be certified?
CMMC requirements could appear in contracts as early as July 2023.
How do organizations get certified?
CMMC certifications are provided by an authorized and accredited CMMC Third Party Assessment Organization (C3PAO) or certified CMMC Assessor. To find an authorized C3PAO, visit The Cyber AB CMMC Certification Marketplace. Cyber AB is the official accreditation body of the CMMC ecosystem.
Only engage with a C3PAO or assessor if you are certain your organization already meets CMMC requirements.
How do you prepare for organizational certification?
The first step is enrolling employees in training to prepare for the certification exam(s). But, with all the potential CMMC training providers and courses out there, where do you start?
Recommended CMMC 2.0 training courses
LearnSpectrum is proud to partner with several CMMC Licensed Training Providers: Learning Tree, Infosec, and Training Camp, which offer information-based courses on CMMC as well as certification preparation courses for CCA and CCP.
Below are three recommended courses. Each has nuances and targeted roles, so click on each course’s link to learn more.
Email me at acollins@learnspectrum.com if you have any questions or would like a quote for any of the courses.
Once certified, where do you reflect that compliance?
Resources for more information
As mentioned, if you have a question about CMMC 2.0 or would like a quote for any of the courses I cited, please drop me an email at acollins@learnspectrum.com.
You can also follow me on LinkedIn at https://www.linkedin.com/in/annlcollins/