The chief information security officer for the Department of Defense’s (“DoD”) acquisition office confirmed on a webinar last week that the DoD has officially entered into an agreement with the nonprofit accreditation body for its Cybersecurity Maturity Model Certification (“CMMC”) program. While the memorandum of understanding (“MOU”) has not been released publicly, it is expected in the coming days and is yet another conformation that COVID-19 will not impact the timeline for the CMMC requirement for all DoD government contractors.
The CMMC, based largely upon the NIST SP 800- 171 standard, provides five (5) levels of maturity which will be required for contractors wishing to do work with the DoD. The current timeline has the first requirements being rolled out in RFIs later this Spring and then in initial RFPs in the Fall.
Cherry Bekaert will continue to provide updates as things progress but, with this recent confirmation by the DoD, we are still recommending to our clients to not wait and get started now. For more information, click on the link. If you have any questions, feel free to contact CMMC@cbh.com.