PREPARE FOR CMMC READINESS
Beginning in 2025, all defense contractors will need to be assessed against the 5-tiered cybersecurity standard known as the Cybersecurity Maturity Model Certification (CMMC). CMMC is a complex topic that cannot be summarized in a single blog post. So, what fundamentals does your organization need to know in order to stay or become compliant?
Why is CMMC certification being enforced?
The primary goal of CMMC is to improve and ensure the safeguarding of sensitive data, including Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) associated with federal contractors.
Who needs CMMC certification?
Anyone within the defense contract supply chain will need to become CMMC certified in order to fulfill and/or execute those contracts.
When does CMMC go into effect?
Beginning in 2025 all Department of Defense (DoD) contracts will require CMMC certification.
What CMMC level does my organization need to achieve?
The CMMC maturity level an organization must achieve in order to do work for the DoD depends on the sensitivity of the DoD information that it will work with. Contact SWICKtech today to speak with one of our CMMC Registered Practitioners (RP) and learn more about what level your organization must meet.
Level 1: Basic Cyber Hygiene
Level 2: Intermediate Cyber Hygiene
Level 3: Good Cyber Hygiene
Level 4: Proactive
Level 5: Advanced/Proactive
Who provides CMMC licensing and certification?
The CMMC Accreditation Body (CMMC-AB) operates under a contract with the U.S. Department of Defense (DoD). The CMMC-AB’s authority to grant licensing and certification for C3PAOs, Training Providers, Instructors, and Assessors derives from that contract.
What is a C3PAO?
A CMMC Third Party Assessment Organization (C3PAO) is licensed by the CMMC-AB to conduct CMMC assessments at each level. Approved C3PAO candidates will be posted on the CMMC-AB Marketplace as “Authorized C3PAOs”.
What is the difference between a RP and an RPO?
A Registered Practioner (RP) is an individual who has attended a CMMC-AB sponsored training class, completed a CMMC test, signed the CMMC Code of Professional Conduct (CoPC), and passed a criminal background check. RPs may assist Organizations Seeking Certification (OSC) to better understand CMMC requirements, implement CMMC controls and processes, and prepare for CMMC assessments. SWICKtech currently has 2 recognized RPs.
A Registered Provider Organization (RPO) is an organization or company that have made a strategic decision to become part of the CMMC ecosystem by completing a background investigation, signing the CoPC, and signing an agreement with the CMMC-AB. SWICKtech is a recognized RPO on the CMMC-AB Marketplace.
How much will a CMMC assessment cost?
The cost of a CMMC assessment will vary based on the level of certification sought, organizational scope and size, and complexity. Level 1 assessments with small organizations will be less costly than Level 5 assessments with large manufacturers, that will require multiple assessors and span months.
How long will it take to complete a CMMC Level 1 assessment?
A certified assessment has not yet been conducted, but according to the CMMC-AB based on several pilots that were completed over the course of the last several months, Level 1 assessments conducted by C3PAOs will most likely take 1-3 days to complete.
What happens if weaknesses are found during an assessment?
All OSCs will be granted a 90-day remediation period to correct weaknesses discovered during their assessment by a C3PAO.
Our team of senior industry experts are early adopters of the CMMC program, closely following its development and rollout from day one. SWICKtech is currently working towards becoming CMMC Level 3 certified, is a Registered Provider Organization (RPO), and has 2 of its own Registered Practitioners (RP) designated by the CMMC Accreditation Body.
Please reach out to our technical team to receive assistance in understanding where your business registers within the CMMC levels. We work side-by-side with you to ensure you’re prepared for the CMMC audit.