Cybersecurity Maturity Model Certification: Get Ready Today

By Amos Aesoph, Xigent CISO


Over the past year, cyberattacks on government networks have been big news. Hackers have breached federal and state agencies, schools and local governments, and law enforcement with ransomware, holding IT systems and data hostage.

To combat the risk of permanent damage to national security and the country’s infrastructure and supply base, a new cybersecurity certification called the Cybersecurity Maturity Model Certification (CMMC) is being required for some federal contractors.

The new rules apply to an estimated 300,000 organizations that do business with the Department of Defense (DoD) as contractors or subcontractors, selling supplies, providing services, or doing construction work. In the past, these businesses were able to self-certify their cybersecurity processes, but that’s about to change.

What is the Cybersecurity Maturity Model Certification (CMMC)?

It’s a security framework that the DoD will use to assess the security, capability, and resilience of contractors and subcontractors. Organizations will need to verify their ability to adequately protect sensitive unclassified information.

What is involved?

Contractors will soon have to meet a series of requirements to be certified, with five possible tiers of cybersecurity maturity specified. Level 1 is the most basic, requiring organizations to perform basic cybersecurity practices, including 17 different security controls. Additional requirements must be verified at every level, up to Level 5, where organizations must demonstrate an advanced, proactive cybersecurity model.

To obtain any of these levels of certification, organizations will need to be assessed by a qualified third-party certifier. The national CMMC Accreditation Body is training those third-party assessors right now.

Who needs the CMMC?

This new certification will be mandatory for every company that does any type of business with the DoD. If your organization is one of them, the CMMC needs to be on your radar right now. The CMMC requirement is being rolled out gradually, but all DoD suppliers will need to be certified by 2025. Federal officials recommend beginning your certification process at least six months before you need it.

 

Need more information?

Xigent CISO Amos Aesoph has attained registered practitioner status for the CMMC and can consult on the reliability and maturity of your company’s cybersecurity. Schedule a conversation today to learn more about the process involved in becoming a CMMC-certified supplier.

 
