In January 2020 the Department of Defense (DoD) released version 1.0 of the Cybersecurity Maturity Model Certification (CMMC). This new guideline and certification process combines various cybersecurity standards and best practices into one multi-level framework to ensure that cybersecurity requirements are met at the appropriate level across all federal acquisition processes.
All companies interested in contracting with the DoD, including subcontractors, must be certified through an accredited independent third-party organization and should expect to see CMMC levels incorporated into Requests for Information as early as June 2020.
While PTACs are not certifiers, PTAC counselors are able to help clients who are DoD Primes and Subs step through the Level 1 requirements, as they are not highly technical. For higher levels of certification, PTAC counselors are able to guide clients through the framework and available tools and refer them to other accredited independent third-party organizations.
Cyber-attacks disrupt business operations and put intellectual property and sensitive information at risk. In a 2018 report, the Council of Economic Advisers (CEA) estimated that malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016 (Source). Another report by the Center for Strategic and International Studies (CSIS), in partnership with McAfee, states that about $600 billion, nearly one percent of global GDP, is lost to cyber-crime annually (Source).
Below are links to learn more about the risks of cyber-attacks, self-assessment tools, and the latest regulations.
- Supplier Performance Risk System (SPRS) | Department of Defense
- CMMC Maturity Level 1 (ML1) Questionnaire
- Norcal PTAC | Cybersecurity Requirements Worksheet
- Norcal PTAC | Recorded Webinars on Cybersecurity [10/2019, 4/2020]
- Office of the Under Secretary of Defense for Acquisition & Sustainment | Cybersecurity Maturity Model Certification
- National Institute of Standards and Technology | Assessing Security Requirements for Controlled Unclassified Information (PDF)
- National Institute of Standards and Technology | Assessment & Auditing Resources
- National Institute of Standards and Technology | Cybersecurity Resources for Manufacturers
- Department of Defense | Project Spectrum
- SBA | Small Business Cybersecurity