CMMC Compliance

What you need to know about CMMC right now: what it means for your business and how to tackle it, step by step.

What is CMMC

As part of an initiative to protect the US defense supply chain from cyber threats, the Department of Defense issued a new standard of cybersecurity verification controls for private contractors. Known as the Cybersecurity Maturity Model Certification, CMMC is an effort to speed up the adoption of mature cybersecurity practices and prevent false compliance claims.

CMMC builds upon DFARS and outlines multiple maturity levels, ranging from “Basic Cybersecurity Hygiene” to “Advanced.” Unlike DFARS/NIST 800-171, all contractors working with the DoD will need to undergo a third-party audit prior to any contract award (pre-award certification). The intent is to identify a contractor’s CMMC level in their Request for Proposal (RFP) as a decision factor when evaluating vendors.

The cold, hard facts:

Where do I start?

Meeting the requirements of CMMC requires integrating multiple solutions. You may not have a Cybersecurity expense line on your P&L, so this is a new (and significant) expense for you to consider. Here’s how to tackle it:

1. Make sure you have the right people involved. CMMC, and any unintended non-compliance with it, is a risk factor for your company, so you’ll need high-level business owners involved in this process in addition to technology owners – particularly those who are responsible for business risk.

2. Get an assessment. The time is yesterday! A CMMC assessment shows your performance against the standard and the gaps you’re required to fill. Before you ask: yes, there is a provision for self-audit if you’re up to the task; but Inline Computer and Communications can facilitate and speed up this complicated process substantially for you.

3. Weigh your options. In the end, complying with CMMC may cost more than your DoD revenue stream. You may want to consider selling that IP and the associated manufacturing processes to another, larger company that is already CMMC certified rather than take on that compliance expense.

4. Build a plan of action. If you plan to move forward, work with Inline Computer and Communications to decide what gaps to fill first, then we can build a plan together. With the proper partners in the right places at the right time, you can be well on your way to CMMC compliance.

What are the levels and what do they mean?

Let's tackle this now and keep your DoD business going strong.
