What CMMC Means for Small Businesses

The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity across the defense industrial base (DIB), which includes over 300,000 companies in the supply chain. The CMMC is the DoD’s response to significant compromises of sensitive defense information located on contractors’ information systems. The effort essentially builds on the DoD’s existing DFARS 252.204-7012 regulation.

Small business contractors fulfill a wide range of requirements for the DoD, from administrative and technical work to construction and landscaping. Regardless of their area of expertise, all contractors will be required to ramp up their cybersecurity efforts under the CMMC initiative.

An interim rule that takes effect on November 30th states that there is an “urgent need for DoD to immediately begin assessing where vulnerabilities in its supply chain exist and take steps to correct such deficiencies.” The rule in the Defense Federal Acquisition Regulation Supplement (DFARS) requires defense contractors to undertake specific data security corrections through the DoD’s Basic Assessment process; these are submitted to the Supplier Risk Management System. Additionally, defense contractors are required to have certification under the CMMC framework, which assesses security processes and practices. These assessments are now to be carried out by CMMC Third-Party Assessment Organizations, rather than through self-certification.

With all that is going on in the world, the security of our nation is a priority. Cyber attacks have become increasingly dangerous and persistent, and small business contractors must step up and help in an effort to keep our nation safe.

Author: Paul McVeigh