Cybersecurity should be one of the top concerns of all companies that handle sensitive information, but it’s especially important for companies that work with the US Department of Defense (DoD) because they will soon be required to comply with the new Cybersecurity Maturity Model Certification (CMMC).
What Is the CMMC?
After being in development for several years, the highly anticipated Cybersecurity Maturity Model Certification (CMMC) version 1.0 was released by the DoD on January 31, 2020, bringing together several older compliance processes to create a single unified certification and compliance process for DoD contractors.
The purpose of the CMMC is to certify that DoD contractors have in place the controls necessary to protect sensitive information. Eventually, all DoD contractors will be required to obtain a certification from independent CMMC Third-Party Assessment Organizations (C3PAOs) and assessors, who will evaluate which of the five certification levels the contractors meet.
Here’s a quick overview of the five CMMC levels:
- Level 1: Basic Cyber Hygiene
- Level 2: Intermediate Cyber Hygiene
- Level 3: Good Cyber Hygiene
- Level 4: Proactive
- Level 5: Advanced/Progressive
As their names suggest, the five CMMC levels build upon each other’s cybersecurity requirements, which means that Level 1 compliance is a necessary prerequisite for achieving Level 2 compliance, and so on. This tiered approach reflects the fact that more peripheral DoD contractors and their subcontractors represent a considerably smaller cybersecurity danger than core contractors.
The DoD recently estimated that at least 479 contracts would have CMMC clauses by 2025, with over 48,000 certified contractors. Contracting Officers on existing contracts will also have some latitude in requiring CMMC. As such, all contractors who are working with the DoD should start taking the steps necessary to meet one of the five CMMC levels sooner rather than later, and the providers of managed IT services are ready to help.
How Can Managed IT Services Help?
While large companies with ample resources and information-technology personnel have already taken the steps necessary to ensure CMMC compliance, many smaller DoD contractors and subcontractors find it difficult to address digital security concerns on their own. This is where managed IT services come in, offering their expertise and cybersecurity solutions.
An MSP that understands the needs of government contractors and the requirements for achieving CMMC certification can conduct a detailed readiness assessment and gap analysis to identify how the contractor’s existing cybersecurity plan needs to be amended to meet certification requirements.
The MSP can then help the contractor develop a cybersecurity program that includes everything from intrusion detection and response to advanced endpoint protection to security awareness training in order to ensure ongoing CMMC compliance.
Often, small to mid-sized government contractors find themselves in an awkward position, with large competitors with vast resources on one side and stringent regulations on the other side. To comply with the new Cybersecurity Maturity Model Certification, they must have in place the controls necessary to protect sensitive information against current and future cyberthreats alike. A partnership with a provider of managed IT services can help small to mid-sized government contractors achieve CMMC certification without stretching themselves too thin and, consequently, losing focus on their core business.