Posted by Stephen Palamara, TCC Director of Business Development
Recently, the Department of Defense announced that it will soon unveil a new cybersecurity standard and certification for defense contractors, called the “Cybersecurity Maturity Model Certification” (CMMC).
According to an article by Sera-Brynn, the CMMC will serve as the enforcement mechanism that is not currently in place in DFARS Clause 252.204-7012, which requires defense contractors handling sensitive, unclassified information to implement the 110 security controls of NIST SP 800-171. https://sera-brynn.com/pentagon-to-unveil-new-cybersecurity-maturity-model-certification-cmmc-for-defense-contractors/
In addition, it is anticipated that the CMMC will require independent, third party audits, not the contractor self-certification currently in place. The article states “This is a fundamental change to how defense contracts are awarded today.”
The draft of the CMMC has not been published, and additional information is expected to be released in the next few months.
TCC will be watching this story closely, to gauge the impact it may have on the NIST 800-171 and NIST 800-53 Gap and Remediation Services provided by our Security Services practice.
To find out more about TCC’s Security Services please visit our website https://www.e-tcc.com/security-services.