New CMMC Requirements Included in All DoD Contracts by FY 2026
The Cybersecurity Maturity Model Certification (CMMC) framework was developed by the DoD to enforce protection of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) throughout its supply chain. DoD contracts must include the certification requirement by FY 2026.
Contractors are required to achieve, at the time of award, a CMMC certificate at the level specified within the solicitation and therefore must receive a CMMC audit from a CMMC-certified third-party organization. Solicitations with a required CMMC maturity level are expected to be released as early as June 2020.
The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) will be launching the regulation in an effort to improve cybersecurity across several maturity levels and minimize the risk of cyber threats and breaches.
Vaultes’ Experts Can Help Your Organization Obtain Required Compliance Service Levels
Vaultes is proud to be among the first CMMC Third-Party Assessor Organizations (C3PAOs) approved by the CMMC Accreditation Body (CMMC-AB) to provide CMMC Assessments and Certifications. Our staff includes an industry-leading CMMC Provisional Assessor who is trained and certified to perform provisional assessments and certifications for organizations like yours.
Our CMMC 3PAO Services
Vaultes’ team of cybersecurity consultants can help you determine which service is right for your organization. To learn more, or to get started today, contact Vaultes online or by phone at 202.816.6658.
The CMMC’s five compliance maturity levels range from Basic Cybersecurity Hygiene (Level 1) to Advanced Cybersecurity Practices (Level 5). Every organization that plans on renewing a current DoD contract or bidding on a new contract in the future will need to be certified at one of the following 5 maturity levels:
- Level 1: Basic cybersecurity achievable for small companies, subset of universally accepted common practices.
- Level 2: Includes universally accepted cybersecurity best practices, resilient against unskilled threat actors.
- Level 3: Includes all NIST SP 800-171 Rev 2 controls plus additional practices for CUI handling and management. Controls are meant to provide resilience against moderately skilled threat actors.
- Level 4: Advanced and sophisticated cybersecurity practices, defensive responses approach machine speed, resilient against advanced threat actors, complete and continuous knowledge of cyber assets.
- Level 5: Highly advanced cybersecurity practices reserved for the most critical systems, resilient against the most advanced threat actors, defensive responses performed at machine speed, machine-performed analytics and defensive actions, autonomous knowledge of cyber assets.
Find Out How You Should Prepare for CMMC with Help from Our Experts
Are you unsure whether CMMC applies to your organization? Have you received a compliance request from the DoD or your prime contract holder? Vaultes’ team of cybersecurity consultants can help you answer these questions and interpret the impact of CMMC on your environment. To learn more, or to get started today, contact Vaultes online or by phone at 202.816.6658.