Cybersecurity and the CMMC
Ken Bloch, Program Manager

Cybersecurity is an important new reality for all of us, whether it’s a matter of using a password to log in to an email account, installing anti-virus protection, or just making sure to update your software. The Federal government, and particularly the Defense Department, takes it very seriously and has been requiring it for certain types of contracts for many years. Now there is a new DoD initiative that will touch everyone in the defense industrial base, in other words, everyone who does business with the Defense Department.

The new cyber initiative is called Cybersecurity Maturity Model Certification (CMMC). It’s a five-layer model in which each successive layer applies a higher level of security. Layer 1, for example, is the lowest level. It has 17 practices to follow, mostly basic ones, and many of those can be performed in an ad hoc manner. By contrast, Layer 5, the highest level, has 171 practices, and they have to be rigorously and proactively performed.

What’s perhaps most significant about CMMC is that compliance will not only be required in order to get a contract (in the future), but that third-party companies will perform official certifications for the government. Thankfully, it is estimated that most small businesses will fall into Layer 1, unless you store or process any controlled information, and that implementation costs look to be a billable cost at this time.

CMMC ver 1.0 was just released on Jan 31st. Your friendly neighborhood PTAC has been following it for several months now and thinking about ways to assist you. Look for more information and training on this topic in the coming months. And as always, if you have any questions, please feel free to reach out to your local PTAC Counselor.