CMMC TIMELINE - WHY IS THIS IMPORTANT?
It’s important to clarify that although the CMMC requirement begins in 2020/2021, all DoD suppliers have been given sufficient time to obtain certification: until 2025, in fact.
This buffer is valuable, as the road to CMMC certification is not easy, fast, or cheap. First, the waiting period between application and certification is at least six months. Plus, estimates put the average ongoing cost of CMMC compliance at approximately $3,000 per employee per year. Initial one-time implementation costs can range from $500 to $1,000 per employee.
The Cybersecurity Maturity Model Certification states that contractors can choose to “achieve a specific level for its entire enterprise network or for particular segments where the information to be protected is handled and stored.” However, DoD solicitations will specify what maturity level the supplier needs to be at in order to respond to the request for proposal. Therefore, it is essential to conduct an assessment of the business and determine whether CUI is part of the equation and, if so, what CUI.
OUR ADVICE - START NOW BECAUSE THIS IS NOT A FAST PROCESS AND HERE IS WHY...
There are 17 DOMAIN CONTROLS at the “Basic Cyber Hygiene” level. DoD contractors who wish to pass an audit at this level must implement 17 controls of NIST 800-171 rev1, and this is just the beginning.
There are over 100 controls outside of the 17 domain controls; the specific number will be based on your CMMC Level.
Have we talked about the fines, loss of contracts, etc.?