This week, the Cyber AB (formerly CMMC AB) made a major announcement at their July Town Hall. They reported that the CMMC program is moving forward and voluntary CMMC assessment will begin next month! These assessments are being led by accredited C3PAOs (CMMC Third-Party Assessment Organization) and will convert into CMMC assessments when the CMMC Rule Making goes into effect in May 2023.
(NOTE: CyberNINES is currently going through its own assessment with DIBCAC to become an accredited C3PAO.)
CMMC is the Pentagon’s ambitious framework to more thoroughly assess and accredit any contractors that handle its controlled unclassified information (CUI) on their systems, ensuring they meet certain National Institutes of Standards and Technology (NIST) cybersecurity requirements 800-171 and 800-172. After reforming the program late last year, the Pentagon is working on issuing a final rule that will mandate those contractors that work with the department’s CUI be CMMC certified, or risk losing its business.
For defense contractors, this means that you can no longer ignore requirements to achieve compliance with NIST 800-171 and the soon-to-be CMMC requirements.
Read more here or schedule some time with one of our CMMC experts to learn more!