CMMC Overview and Timeline
In January of 2020, the Department of Defense (DoD) released the Cybersecurity Maturity Model Certification (CMMC) and framework. CMMC is a recognition that cyber threats diminish American industry’s competitive advantage and pose a threat to America’s national security.
CMMC is designed to assess the cybersecurity maturity of an organization based upon 17 domains across both processes and practices. While the certification is new, the controls associated with CMMC are known. In total, there are 171 controls that are derived from the following frameworks and regulations:
- NIST SP 800-171
- NIST SP 800-171B
- 48 CFR 52.204-21
CMMC details 5 levels of maturity that an organization can be certified at – largely centered on the theme of the institutionalization of cybersecurity practices. In addition, organizations must obtain the lowest level of maturity in totality (practices and processes) before obtaining a higher-level maturity certification. Finally, organizations are able to bid on DoD work based upon their certified maturity level.
The DoD’s timeline for CMMC implementation shows that it is serious about the certification and about making it a requirement moving forward.
- February to May 2020 – Assessors/3PAOs will be trained and certified.
- June to September 2020 – Initial rollout of a subset of DoD programs/RFIs that include CMMC level certification will begin. Organizations wishing to bid must be certified at the required CMMC level.
- October 2020 and beyond – All DoD contractors will need to be certified to bid on new work.
As indicated above, the DoD is moving expeditiously to implement CMMC. Organizations should not wait to understand their cybersecurity maturity level – the frameworks, regulations, and controls are known. As such, organizations that are seeking CMMC can (read: must) begin to self-assess and, more importantly, begin remediation activities prior to engaging a certified assessor.
How TrustMAPP Can Help
TrustMAPP’s Cybersecurity Maturity Assessment software is built specifically for organizations that are looking to kickstart their CMMC activities. What’s more, TrustMAPP has developed an automated CMMC assessment that contains all of the necessary components to prepare organizations for a third-party assessment. TrustMAPP’s CMMC assessment includes:
- Automated CMMC assessment user assignment and distribution
- CMMC control mapping to NIST frameworks
- Remediation recommendations at a control level
- Capital and resources estimates to achieve the desired certification level
- Pre-built GAP analysis dashboard
- Task management tools
Learn more about TrustMAPP’s solution by contacting us today!