What contractors should start to consider with the DoD’s CMMC compliance standards
2021-05-06 05:00

While the CMMC doesn't completely replace the National Institute of Standards and Technology SP 800-171, it does include and build on these standards for a clear purpose.

Enter the CMMC. With this new regulation, the DoD establishes five levels of cybersecurity preparedness, ranging from level one to level five.

The first step for companies seeking CMMC compliance is to recognize which level they want to achieve, then decide the best steps needed to comply with the corresponding standards.

At level one, the cybersecurity practices required to achieve compliance merely need to be "Performed" - that is, the practices are in place even if they aren't documented. Documenting them would move the company to level two.

Only a small number of companies will go beyond level three to achieve the advanced standards of level four and level five.

Unlike with the NIST standards, there are no self-certifications for the CMMC. To achieve compliance by the 2025 deadline, companies must meet the standards set by the new assessment guides published by the DoD. These guides are worth a read, even though a self-assessment is not enough to fall in line with the new standards.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/Dz--S_pCpcc/