Getting Ready for CMMC | Recommended Resources and Links

CMMC Resources

Introduction

The Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) program will be a new contractual requirement for all DoD contractors. It will impact the 300,000 firms that make up the defense industrial base.  It will not be a self-attestation model, but rather a third-party certification and compliance model.

In 2020, the DoD plans to finalize the CMMC framework and to start implementation with a select group of acquisitions.

Here are some go-to facts and resources to help you prepare.

CMMC Timeline

September 2019 CMMC Draft Version 0.4 released
November 8, 2019 CMMC Draft Version 0.6 released
November 19, 2019 CMMC Accreditation Body Industry Day, Arlington, VA*
December 13, 2019 CMMC Draft Version 0.7 released
January 30, 2020 CMMC Version 1.0 released
Summer 2020 Industry should begin to see the CMMC requirements as part of Requests for Information.

* During the meeting, DoD outlined timeline and expectations and challenged industry to self-organize to form the Accreditation Body to implement the CMMC standard.

Resources

Sera-Brynn’s webinar on CMMC Version 0.6 (including a detailed analysis of the Level 1-3 standards maturity processes) is now available below:

Sera-Brynn’s webinar on CMMC Version 0.7 (including a detailed analysis of Level 4-5 standards and maturity processes) is now available below:

CMMC official website:  https://www.acq.osd.mil/cmmc/index.html. 

CMMC official updates: https://www.acq.osd.mil/cmmc/updates.html

Slidedeck titled “Securing the DoD Supply Chain: Cybersecurity Maturity Model Certification,” by Ms. Katie Arrington, Chief Information Security Officer for Acquisition (approved for public release Dec. 9, 2019).


The author, Colleen H. Johnson, JD, is a senior legal analyst at Sera-Brynn, a Virginia-based cyber risk management firm.