Updated: Jun 20
The first version of the long anticipated Cyber Security Maturity Model Certification (CMMC) was released on January 31, 2020. There were no major departures from the previously released draft and the Office of the Under Secretary of Defense for Acquisition & Sustainment is progressing as planned with the established timeline for CMMC requirements to show up in Requests for Information (RFIs) beginning June 2020 and September 2020 in Request for Proposal (RFPs).
Department of Defense (DoD) prime and subcontractors will have until then to prepare for third party audits and final certification. All businesses hoping to do work with the DoD must meet the minimum certification standard specified for the opportunity.
Version 1.0 of the CMMC features:
– 17 capability domains; 43 capabilities
– 5 processes across five levels to measure process maturity
– 171 practices across five levels to measure technical capabilities
Following the release of the CMMC, v1.0 , Kevin Fahey, assistant secretary of defense for acquisition; and Katie Arrington, special assistant to the assistant secretary of defense for acquisition for cyber conducted a news conference on cyber security standards for government acquisition at the Pentagon. A video recording of the brief is available for viewing on the Defense.Gov - DOD Officials Discuss Cyber Security Standards.
Download the PowerPoint CMMC v1.0 briefing here.
Download the full CMMC v 1.0.
Have questions or need assistance getting CMMC certified? Visit the KCS CMMC page and connect with us to learn how to become CMMC compliant before its launch. Our team is available to review your current information systems and deliver a customized road map to certification to ensure your organization is operating at basic hygiene and above standards.