Provided CMMC Overview for Defense Contractors
On November 16, AGC hosted a webinar with Katie Arrington, Chief Information Security Officer for the Under Secretary of Defense for Acquisition and Sustainment, to provide defense contractors an overview of the upcoming Cybersecurity Maturity Model Certification (CMMC). Department of Defense (DOD) will begin including mandating cybersecurity certifications for all companies that do business with DOD. On the webinar Ms. Arrington discussed the interim rule and what defense contractors can expect. Among these items were: Defense Contractors must be registered in SPRS by December 1; self-attest compliance to NIST SP 800-171; may begin getting assessed for CMMC levels from the Accreditation Body on December 1; and expects defense construction contracts to begin requiring CMMC certification by Spring 2021. On the final point, Ms. Arrington said that the CMMC certification may be delayed depending on the availability of CMMC assessors.
CMMC will be required as “go/no go” in DOD solicitations. The purpose of CMMC is to become the “unified cybersecurity standard” for all DOD contractors. Under this model, defense contractors will be required to be certified among the five different levels in order to be eligible for contract award.
For more information, contact Jordan Howard at jordan.howard@agc.org or (703) 837-5368.