Cybersecurity Maturity Model Certification


The Department of Defense (DoD) has released the Cybersecurity Maturity Model Certification (CMMC) Version 1.0, a new framework designed to assess and enhance the cybersecurity posture of the Defense Industrial Base (DIB) and its suppliers. CMMC is an evolution of DFARS 252.204-7012 (NIST SP 800-171) and now requires third-party attestation.

Although CMMC Version 1.0 was only recently released, every organization that provides services to the DoD will eventually need to be CMMC certified to bid on future DoD solicitations. The first solicitations with a required CMMC maturity level are expected to be released as early as June 2020.

Maturity Level Overview

The CMMC outlines five compliance maturity levels that range from Basic Cybersecurity Hygiene (Level 1) to Advanced Cybersecurity Practices (Level 5). Each of the five levels outlines practices and processes that, when properly implemented, reduce the risk of hostile agents breaching a company’s cybersecurity defenses. Based on CMMC Version 1.0, released in January 2020, the maturity levels are:
Maturity level certification considerations

Every organization that plans to renew a current contract or bid on a new contract in the future will need to be certified at one of the five maturity levels outlined above. The DoD will determine which maturity level is required to bid on each solicitation; therefore, organizations will need to determine which maturity level they need based on the nature of the contracts and work they would like to pursue.

The maturity level for each organization will need to be validated by a CMMC Third-Party Assessment Organization (C3PAO) that will be authorized and trained to perform the work by the CMMC Accreditation Body (CMMC-AB). Organizations will only be able to bid on contracts with a required maturity level equal to or less than their certified maturity level.
How to prepare for CMMC

  • Get started now! It takes time, resources, and investment to fully understand and implement good cybersecurity practices.
  • Do some research. Read through standards like CMMC 1.0, NIST 800-171, and the DoD CC SRG and think about how they may apply to the work your organization does or may seek to do with the DoD.
  • Stay informed. Monitor the official DoD and CMMC-AB websites for new developments.
  • Provide feedback. The CMMC-AB is looking for feedback from industry through FAQs and working groups.
  • Get professional help. Third-party assessment organizations like Coalfire can offer both advisory and assessment expertise to help your organization prepare for CMMC.

Coalfire’s full spectrum of CMMC services

Advisory: Are you unsure whether CMMC applies to your organization? Have you received a compliance request from the DoD or your prime contract holder? Are you wondering how your current NIST 800-171 or DFARS 252.204-7012 capabilities map to the CMMC practices and processes? Coalfire’s team of experts, acting as an objective third party, can help you answer these questions and interpret the impact of CMMC on your environment. We can also perform a gap analysis of your environment and organization to help devise a roadmap to your desired CMMC maturity level.

Remediation: We offer a suite of remediation services dedicated to helping you meet or exceed your desired CMMC maturity level. These services include developing security documents, resolving threat and vulnerability assessment findings, cloud engineering, and implementing technology.

Attestation: CMMC assessment services are expected to become available in the second quarter of 2020. Once certified as a C3PAO, we will support organizations that are ready for final assessment and certification.

Why choose Coalfire?

For nearly 20 years, Coalfire has provided commercial and public sector organizations, including the DoD, with industry-leading cybersecurity and compliance advisory services. As one of the industry’s largest and most experienced risk management and compliance assessment organizations, Coalfire can provide the expertise and support to guide you successfully through the CMMC certification process.