Cybersecurity Maturity Model Certification (CMMC) Necessary for Department of Defense Contracts

Construction & Real Estate, Cyber, Food & Agribusiness, Manufacturing & Distribution, Property & Casualty, Transportation

The U.S. Department of Defense (DoD) recently developed and released a new certification standard with which ALL DoD contractors, suppliers, and service providers will need to comply. This new standard is called the Cybersecurity Maturity Model Certification (CMMC), and the final version was released on January 31, 2020. This new regulation particularly impacts business in certain industries, including: Transportation, Food & Agribusiness, Manufacturing & Distribution, and Construction & Real Estate.

The certification framework requires every defense contractor to adhere to a certain level of cybersecurity in order to obtain or maintain Department of Defense (DoD) contracts.

Cybersecurity Maturity Model Certification (CMMC) requirements will begin to appear in the DoD’s Request for Information (RFI) opportunities in June 2020.

The DoD is establishing this requirement after going through several phases of attempting to mandate cybersecurity best practices in the organizations with which they do business. These attempts have ultimately failed, resulting in the DoD taking a step back and starting things from scratch.

According to Under Secretary of Defense for Acquisition and Sustainment, Ellen Lord , “There’ll be no fines for non-compliance. You just won’t get the contract – or any other contract requiring that particular level of certification.”

Since certification will be a determining factor in whether or not you can proceed with a DoD contract, it’s best to start preparing now – and we’re here to help.  M3 is offering a webinar with information security experts from Tetra Defense to explain what the CMMC is, what the DoD is requiring, and how your business can get certified.

Back to Insight Center