On January 31 the U.S. Department of Defense (DoD) issued CMMC v1.0, a new unified cybersecurity standard coupled with a certification program for all DoD contractors and subcontractors.
CMMC contains maturity processes and cybersecurity best practices progressing across five maturity levels, from basic cyber hygiene to advanced/progressive. CMMC is instrumental in establishing cybersecurity as a foundation for future DoD procurements, as it addresses the need to protect DoD’s unclassified information (i.e., Federal Contract Information and Controlled Unclassified Information) during the acquisition and sustainment of products and services. DoD plans to roll out CMMC over the next five years, first appearing in Requests for Information and Requests for Proposals in 2020 with full implementation planned by 2026.
While many questions remain, our overview of CMMC v1.0 provides background on the model and key considerations to assist your organization in understanding and adopting the framework, such as:
- Features of the CMMC framework
- CMMC implementation
- The certification process
- Key takeaways and recommendations
This overview provides general guidance on CMMC. We hope the overview is of interest to you and gives you helpful insights.
This post was originally published on Hogan Lovells’ website.