HB Ad Slot
HB Mobile Ad Slot
CMMC Version 1.0: Enhancing DOD’s Supply Chain Cybersecurity
Wednesday, February 12, 2020

Cybersecurity Maturity Model Certification (“CMMC”) v.1.0, after releasing several draft versions of the document over the past year. In an effort to enhance supply chain security, the CMMC sets forth unified cybersecurity standards that DOD contractors and suppliers (at all tiers, regardless of size or function) must meet to participate in future DOD acquisitions. Through the CMMC, DOD adds cybersecurity as a foundational element to the current DOD acquisition criteria of cost, schedule, and performance. We have previously discussed CMMC on our Government Contracts & Investigations Blog.

CMMC Maturity Levels

The CMMC includes five levels of certification, with five being the highest or most secure. This table provides a snapshot of the focus areas, number of practices, and requirements at each level:

CMMC Maturity Levels

Source of information: CMMC v.1, Sec. 2.7.1, available here.

Timeline

The DOD has expressed its commitment to a “crawl, walk, run” approach to implementing the CMMC. So, although CMMC v.1.0 was released last month, there will be a five-year rollout period, with all new DOD contracts containing the CMMC requirement beginning in FY 2026, but some could start requiring it as soon as this summer.

Putting it Into Practice: Any company that does business with the DOD will need to comply with CMMC. Companies should review current CMMC materials, track new releases, and aim to comply with the requirements in preparation for a third-party audit as soon as possible.

HTML Embed Code
HB Ad Slot
HB Ad Slot
HB Mobile Ad Slot
HB Ad Slot
HB Mobile Ad Slot
 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins