Posted by Stephen Palamara, TCC Director of Business Development

Recently, the Department of Defense announced that it will soon unveil a new cybersecurity standard and certification for defense contractors, called the “Cybersecurity Maturity Model Certification” (CMMC).

According to an article by Sera-Brynn, the CMMC will serve as the enforcement mechanism that is not currently in place in DFARS Clause 252.204-7012, which requires defense contractors handling sensitive, unclassified information to implement the 110 security controls of NIST SP 800-171.

In addition, it is anticipated that the CMMC will require independent, third party audits, not the contractor self-certification currently in place. The article states “This is a fundamental change to how defense contracts are awarded today.”

The draft of the CMMC has not been published, and additional information is expected to be released in the next few months.

TCC will be watching this story closely, to gauge the impact it may have on the NIST 800-171 and NIST 800-53 Gap and Remediation Services provided by our Security Services practice.

To find out more about TCC’s Security Services please visit our website


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s