On January 30, 2020, the Department of Defense (DOD) released Version 1.0 of its Cybersecurity Maturity Model Certification (CMMC). Under the CMMC program, every contractor who works for the DOD, including subcontractors, will need to be certified at one of five levels. All DOD solicitations will specify which certification level is required for the contract, and contractors who do not have that certification will be ineligible for the contract. In order to obtain the certification, contractors will undergo an assessment by an independent third-party organization.
Many details about how the CMMC program will impact DOD contractors, and their subcontractors, are still unknown. The rollout will be gradual, but it will begin soon, with the requirement appearing in a handful of contracts this year. The DOD expects the CMMC to be included in all solicitations by 2026.
Keep an eye out for future posts on this important new requirement for DOD contractors and a webinar with a cybersecurity expert. Details are forthcoming. In the meantime, feel free to contact us with any questions you may have.