The DoD is looking to protect vital data and enhance sensitive controlled information from cyber loss, which occurs at a rate of 1% of GDP each year. To assist in managing information based on its sensitivity, the DoD has assigned five levels of security standards which contractors and their vendors must meet.
The government will train assessors to assist organizations in meeting certification levels and to allow them to improve their assessment capabilities by adding CMMC standards to their evaluation efforts. Although it is not confirmed, it has been indicated that beginning this fall, the DoD will be implementing the requirement that all contracts have CMMC requirements/certification at the time that contracts are awarded.
Government agencies, including the DoD, have seen an explosion of cyber thefts in recent years. Managing ever-increasing sensitive information regarding our country’s protection and safety, it is crucial that contractors doing business with the government increase their levels of accountability and data protection. In the past, contractors looked to both IST 800-171 and DFARS 252.204-7012 for compliance. The new CMMC is intended to increase the security of contractors and their data. To warrant compliance by the over 300,000 vendors in the DoD supply chain, third party auditors (3PAO) are necessary to keep the contracting system working successfully.
All companies which do business with the Department of Defense and listed in the Defense Industrial Base (DIB) are covered by the CMMC requirements, even at the most basic level (Level 1). This level parallels existing FAR 52.204-21 requirements, and thus all contractors should already be compliant. In comparison, those who are in possession of government data, especially that which is listed as Controlled Unclassified Information (CUI), need to achieve Level 3 certification. The requirements for Levels 4 and 5 are still in the works.
To reach the various levels of certification, contractors, and venders will need to look at their platforms, data back-ups, project and information management systems, and current security protocols they are utilizing right now. Additionally, policies and procedures need to meet certification requirements and be scalable to match the growing need for protected data.
What it Means for Contractors
For many small contractors, accounting systems and other software solutions are one of the first places to look for security concerns. You will likely need to institute new policies, consider more secure (and CMMC certified) platforms, train or hire IT staff, as well as making a change in your culture and approach to information in your organization.
Soon to be a Leader in CMMC
OneTeam is dedicated to offering your company the most robust system for capturing potential opportunities, the most extensive system for managing your proposal development process, and tools to find teaming partners, writing proposals, and streamlined communication.
OneTeam has already begun the process of reaching CMMC Level 3 Certification. This is an extensive process, and we look to become one of the first software platforms to complete certification under the new, more rigorous standards. To find out how you can protect your data while upgrading your pipeline management system in an integrated system, contact OneTeam. We can tell you more about our platform, share some success stories, and even offer you a demo.