Speak To An Advisor · 202.816.6658

Vaultes

Northern Virginia Cyber Security Consulting Firm

Request Consultation

New CMMC Requirements Included in all DOD Contracts by FY 2026

The Cybersecurity Maturity Model Certification (CMMC) framework was developed by the DoD to enforce protection of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) throughout its supply chain. DoD contracts must include the certification requirement by FY 2026. 

Contractors are required to achieve, at the time of award, a CMMC certificate at the level specified within the solicitation and therefore must receive a CMMC audit from a CMMC-certified third-party organization. Solicitations with a required CMMC maturity level are expected to be released as early as June 2020. 

Man working on a Compliance Audit for cyber security The Office of Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) will be launching the regulation in an effort to improve cybersecurity across several maturity levels to minimize the risk of cyber threats and breaches.

The Cybersecurity Maturity Model Certification (CMMC) framework was developed by the DoD to enforce protection of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) throughout its supply chain. DoD contracts must include the certification requirement by FY 2026.

Vaultes’ Experts Can Help Your Organization Obtain Required Compliance Service Levels

Vaultes is proud to be among the first CMMC Third-Party Assessor Organization (C3PAO) approved by the CMMC Accreditation Body (CMMC-AB) to provide CMMC Assessments and Certifications. Our staff includes an industry-leading CMMC Provisional Assessor who is trained and certified to perform provisional assessments and certifications for organizations like yours.

Our CMMC 3PAO Services

Vaultes’ team of cybersecurity consultants can help you determine which service is right for your organization. To learn more, or to get started today, contact Vaultes online or by phone at 202.816.6658.
cmmc-audits-graphic

The CMMC’s five compliance maturity levels range from Basic Cybersecurity Hygiene (Level 1) to Advanced Cybersecurity Practices (Level 5). Every organization that plans on renewing a DoD current contract or bidding on a new contract in the future will need to be certified at one of the following 5 maturity levels:

  • Level 1: Basic cybersecurity achievable for small companies, subset of universally accepted common practices.
  • Level 2: Includes universally accepted cybersecurity best practices, resilient against unskilled threat actors.
  • Level 3: Includes all NIST SP 800-171 Rev 2 controls plus additional practices for CUI handling and management. Controls are meant to provide resilience against moderately skilled threat actors.
  • Level 4: Advanced and sophisticated cybersecurity practices, defensive responses approach machine speed, resilient against advanced threat actors, complete and continuous knowledge of cyber assets.
  • Level 5: Highly advanced cybersecurity practices reserved for the most critical systems, resilient against the most advanced threat actors, defensive responses performed at machine speed, machine-performed analytics and defensive actions, autonomous knowledge of cyber assets.

Download the CMMC Framework PDF

Find Out How You Should Prepare for CMMC with Help from Our Experts

Are you unsure whether CMMC applies to your organization? Have you received a compliance request from the DoD or your prime contract holder? Vaultes’ team of cybersecurity consultants can help you answer these questions and interpret the impact of CMMC to your environment. To learn more, or to get started today, contact Vaultes online or by phone at 202.816.6658.