OneTeam Government Contracting Software Blog

Cybersecurity Maturity Model Certification (CMMC): Security Needed for DoD Awards

Jun 15, 2020 12:24:05 PM / by OneTeam

OTS-Cybersecurity Maturity Model Certification Security Needed for DoD Awards

The DoD is looking to protect vital data and enhance sensitive controlled information from cyber loss, which occurs at a rate of 1% of GDP each year. To assist in managing information based on its sensitivity, the DoD has assigned five levels of security standards which contractors and their vendors must meet.

The government will train assessors to assist organizations in meeting certification levels and to allow them to improve their assessment capabilities by adding CMMC standards to their evaluation efforts. Although it is not confirmed, it has been indicated that beginning this fall, the DoD will be implementing the requirement that all contracts have CMMC requirements/certification at the time that contracts are awarded.

Why CMMC?

Government agencies, including the DoD, have seen an explosion of cyber thefts in recent years. Managing ever-increasing sensitive information regarding our country’s protection and safety, it is crucial that contractors doing business with the government increase their levels of accountability and data protection. In the past, contractors looked to both IST 800-171 and DFARS 252.204-7012 for compliance. The new CMMC is intended to increase the security of contractors and their data. To warrant compliance by the over 300,000 vendors in the DoD supply chain, third party auditors (3PAO) are necessary to keep the contracting system working successfully.

Certification Levels

All companies which do business with the Department of Defense and listed in the Defense Industrial Base (DIB) are covered by the CMMC requirements, even at the most basic level (Level 1). This level parallels existing FAR 52.204-21 requirements, and thus all contractors should already be compliant. In comparison, those who are in possession of government data, especially that which is listed as Controlled Unclassified Information (CUI), need to achieve Level 3 certification. The requirements for Levels 4 and 5 are still in the works.

To reach the various levels of certification, contractors, and venders will need to look at their platforms, data back-ups, project and information management systems, and current security protocols they are utilizing right now. Additionally, policies and procedures need to meet certification requirements and be scalable to match the growing need for protected data.

What it Means for Contractors

For many small contractors, accounting systems and other software solutions are one of the first places to look for security concerns. You will likely need to institute new policies, consider more secure (and CMMC certified) platforms, train or hire IT staff, as well as making a change in your culture and approach to information in your organization.

Soon to be a Leader in CMMC

OneTeam is dedicated to offering your company the most robust system for capturing potential opportunities, the most extensive system for managing your proposal development process, and tools to find teaming partners, writing proposals, and streamlined communication.

OneTeam has already begun the process of reaching CMMC Level 3 Certification. This is an extensive process, and we look to become one of the first software platforms to complete certification under the new, more rigorous standards. To find out how you can protect your data while upgrading your pipeline management system in an integrated system, contact OneTeam. We can tell you more about our platform, share some success stories, and even offer you a demo.

SCHEDULE A DEMO

Tags: Government Contract Lifecycle Management, oneteam news

OneTeam

Written by OneTeam

OneTeam was born in 2014 when Glenn Meyer, founder of The Trident Group, Inc. (TGI), realized the world of government contracting could be exponentially improved by leveraging the benefits of cloud computing to provide one integrated solution for the entire contract lifecycle – from capture to closeout. Our vision is to improve, by an order of magnitude, the way Federal Government Contractors, win and execute government contracts, by providing one integrated, affordable, cloud-based solution. We endeavor to take the pain out of winning and executing Federal Government business.

Leave Us A Comment