The ABCs Of CMMC

 

prepare for cmmc readiness

By Sophie Van Remortel: Digital Marketing & Content Coordinator

 

Beginning in 2025, all defense contractors will need to be assessed against the 5-tiered cybersecurity standard known as the Cybersecurity Maturity Model Certification (CMMC). CMMC is a complex topic that cannot be summarized in a single blog post. So, what fundamentals does your organization need to know in order to stay or become compliant? 

 

Why is CMMC certification being enforced? 

The primary goal of CMMC is to improve and ensure the safeguarding of sensitive data, including Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) associated with federal contractors. 

 

Who needs CMMC certification? 

Anyone within the defense contract supply chain will need to become CMMC certified in order to fulfill and/or execute those contracts. 

 

When does CMMC go into effect? 

Beginning in 2025 all Department of Defense (DoD) contracts will require CMMC certification. 

 

What CMMC level does my organization need to achieve? 

The CMMC maturity level an organization must achieve in order to do work for the DoD depends on the sensitivity of the DoD information that it will work with. Contact SWICKtech today to speak with one of our CMMC Registered Practitioners (RP) and learn more about what level your organization must meet. 

Level 1: Basic Cyber Hygiene 

Level 2: Intermediate Cyber Hygiene 

Level 3: Good Cyber Hygiene 

Level 4: Proactive 

Level 5: Advanced/Proactive 

 

Who provides CMMC licensing and certification? 

The CMMC Accreditation Body (CMMC-AB) operates under a contract with the U.S. Department of Defense (DoD). The CMMC-AB's authority to grant licensing and certification for C3PAOs, Training Providers, Instructors, and Assessors derives from that contract. 

 

What is a C3PAO? 

A CMMC Third Party Assessment Organization (C3PAO) is licensed by the CMMC-AB to conduct CMMC assessments at each level. Approved C3PAO candidates will be posted on the CMMC-AB Marketplace as “Authorized C3PAOs”. 

 

What is the difference between a RP and an RPO? 

A Registered Practioner (RP) is an individual who has attended a CMMC-AB sponsored training class, completed a CMMC test, signed the CMMC Code of Professional Conduct (CoPC), and passed a criminal background check. RPs may assist Organizations Seeking Certification (OSC) to better understand CMMC requirements, implement CMMC controls and processes, and prepare for CMMC assessments. SWICKtech currently has 2 recognized RPs. 

 

A Registered Provider Organization (RPO) is an organization or company that have made a strategic decision to become part of the CMMC ecosystem by completing a background investigation, signing the CoPC, and signing an agreement with the CMMC-AB. SWICKtech is a recognized RPO on the CMMC-AB Marketplace. 

 

How much will a CMMC assessment cost? 

The cost of a CMMC assessment will vary based on the level of certification sought, organizational scope and size, and complexity. Level 1 assessments with small organizations will be less costly than Level 5 assessments with large manufacturers, that will require multiple assessors and span months. 

 

How long will it take to complete a CMMC Level 1 assessment? 

A certified assessment has not yet been conducted, but according to the CMMC-AB based on several pilots that were completed over the course of the last several months, Level 1 assessments conducted by C3PAOs will most likely take 1-3 days to complete. 

 

What happens if weaknesses are found during an assessment? 

All OSCs will be granted a 90-day remediation period to correct weaknesses discovered during their assessment by a C3PAO. 

 

Our team of senior industry experts are early adopters of the CMMC program, closely following its development and rollout from day one. SWICKtech is currently working towards becoming CMMC Level 3 certified, is a Registered Provider Organization (RPO), and has 2 of its own Registered Practitioners (RP) designated by the CMMC Accreditation Body. 

Please reach out to our technical team to receive assistance in understanding where your business registers within the CMMC levels. We work side-by-side with you to ensure you're prepared for the CMMC audit. 

SWICKtech can help your organization become CMMC ready

 

Contact Us Today!
 

Related Blogs

Please wait while we gather your results.

What You Need to Know About Skype for Business End Of Life

In July 2019, Microsoft first announced its plan for the retirement of Skype for Business, and the transition to Microsoft Teams. Nearly two years later, this plan will become reality in a mere 2 months. Here’s a refresher on what this may mean for your business. 

Read More

Increase performance and productivity with Windows 10

End of Service for Windows 7 Ahead

Windows 7 systems will no longer have security updates

Read More

Microsoft Teams collaboration inter-office communication

Microsoft Teams: What You Need to Know

Microsoft Teams is only the tip of the iceberg in regard to everything Office 365 has to offer to enhance daily office communications, collaborations, ability to sell and extract data in ways you never knew plausible.

Read More

Sign Up for Our E-Newsletter

BBB accredited

© 2021 Swick Technologies, LLC.
top
Free Consultation!
Close Panel

Five Minute Consultation

We'd be happy to have a free, no-strings-attached consultation to talk about any IT or technology issue that you're having at your organization. Fill out the form below or reach us by phone during business hours at (262) 333-0222.

Swick Technologies

15700 W Cleveland Ave
New Berlin, WI

Sales: 262.333.0222
Help Desk: 414.257.9266

Swick Technologies LLC BBB Business Review