Does this mean you cannot bid or support contracts today? No. It does mean that if you bid on a contract that requires CMMC compliance, you cannot take on that work until you comply. The time to plan is now.

During FY21, the Government will be releasing the first 15 contracts that will require CMMC compliance. Rollout will occur over 5 years, and by FY26 this requirement will be found on all Government contracts, applying to over 300,000 contractors. This applies not only to primes but to all subcontractors in the supply chain.

The CMMC is split into 5 levels of maturity, depending on the type of data that is handled. Not all companies will be held to the same level of maturity.
• Proposal Exclusion
• Stop Work Order
• Breach of Contract Lawsuits
• Supply Chain Disruption
• False Claims Act Actions
• Reputational Damages
• Adverse Performance Reviews
Level 1
• Basic cybersecurity
• Subset of universally accepted common practices
• Limited resistance against data exfiltration
• Limited resilience against malicious actions
Level 2
• Inclusive of universally accepted cybersecurity best practices
• Resilient against unskilled threat actors
• Minor resistance against data exfiltration
• Minor resilience against malicious actions
Level 3
• Coverage of all NIST SP 800-171 controls
• Additional practices beyond the scope of CUI protection
• Resilient against moderately skilled threat actors
• Moderate resistance against data exfiltration
• Moderate resilience against malicious actions
• Comprehensive knowledge of cyber assets
Level 4
• Advanced and sophisticated cybersecurity practices
• Resilient against advanced threat actors
• Defensive responses approach machine speed
• Increased resistance against and detection of data exfiltration
• Complete and continuous knowledge of cyber assets
Level 5
• Highly advanced cybersecurity practices
• Reserved for the most critical systems
• Resilient against the most-advanced threat actors
• Defensive responses performed at machine speed
• Machine performed analytics and defensive actions
• Resistant against, and detection of, data exfiltration
• Autonomous knowledge of cyber assets