The new Cybersecurity Maturity Model Certification (CMMC) expands the current self-customized NIST- based cyber security approach under the DFARS to add third-party verification and certifications. This new standard applies to all prime contractors and subcontractors as well as direct and indirect suppliers. The CMMC rates your maturity levels between 1-5 for both technical practices and actual processes across 17 domains. It specifies new asset management, situational awareness and recovery obligations along with minimum security for contracts, full time security operation centers, incident response teams and inter-domain encryption. Once finalized, failure to implement these requirements may lead to bid protests, suspension, disbarment or false claims violations for non-compliance.
Stay up to date with all the latest news and events.