Cyber-attacks disrupt business operations and put intellectual property and sensitive information at risk. In a 2018 report, the Council of Economic Advisers (CEA) estimated that malicious cyber activity costed the U.S. economy between $57 billion and $109 Billion in 2016 (Source). Another report by the Center for Strategic and International Studies (CSIS), in partnership with McAfee, states that about $600 billion, nearly one percent of global GDP, is lost to cyber-crime annually (Source).
Cybersecurity Maturity Model Certification (CMMC)
In early 2020 the Department of Defense (DoD) released the Cybersecurity Maturity Model Certification (CMMC). This new guideline and certification process rolls in various cybersecurity standards and best practices into one multi-level framework to ensure cybersecurity is met at the appropriate level across all federal acquisition processes. All companies interested in contracting with the DoD, including subcontractors, must be certified through an accredited independent third party organization and expected to see CMMC levels incorporated into Requests for Information as early as June 2020.
Department of Defense Resources:
While PTACs are not certifiers, PTAC counselors are able to help clients who are DoD Primes and Subs step through the Level 1 requirements as they are not highly technical. For higher levels of certifications, PTAC counselors are able to guide clients through the framework and available tools and refer them to other accredited independent third party organizations. For further assistance contact your Procurement Specialist or Apply for services.
Below are links to learn more about the risks of cyber-attacks, self-assessment tools, and the latest regulations.
- CMMC Model and Assessment Guides | DoD
- Supplier Performance Risk System | DoD
- Readiness Review Level 1 | PTAC at Del Mar College
- Supplier Performance Risk System (SPRS) | Department of Defense
- CMMC Maturity Level 1 (ML1) Questionnaire
- Norcal PTAC | Cybersecurity Requirements Worksheet
- Norcal PTAC | Recorded Webinars on Cybersecurity [10/2019, 4/2020]
- National Institute of Standards and Technology | Assessing Security Requirements for Controlled Unclassified Information (PDF)
- National Institute of Standards and Technology | Assessment & Auditing Resources
- National Institute of Standards and Technology | Cybersecurity Resources for Manufacturers
- SBA | Small Business Cybersecurity