The Cybersecurity Maturity Model Certification, introduced by the Department of Defense (DoD) in 2019, requires suppliers and contractors to pass a third-party audit of their cybersecurity readiness or risk losing their ability to compete for and deliver on certain DOD contracts starting in 2021. When fully operational, the CMMC will be mandatory for all entities doing business with the DoD at any level. All contractors and suppliers, primes and subs are required to:
Initial Award, or continuance, of DoD contracts will be dependent upon CMMC compliance.
CMMC compliance ranges from Basic Cyber Hygiene (Level 1) to Advanced/Progressive (Level 5) with requirements based on the types of information and the level of CUI protection required. Previously, companies could self-certify compliance with the appropriate Defense Federal Acquisition Regulations (DFARs). Now companies must pass an audit conducted by a certified third-party assessment organization (C3PAO).
With Registered Practitioners on staff, Waterleaf has the necessary certifications, resources, and cybersecurity expertise to enable you to successfully prepare for your CMMC Assessment. Depending on the level of CMMC Compliance sought, your organization will need to comply with up to 171 practices across NIST SP 800-171 r2 & Rev b, (FAR) 48 CFR 52.204-21 and other practices. We can help!
Waterleaf staff have been certified by the CMMC-AB as Provisional Assessors Level 1-3. Contact us to schedule your assessment!
There are five cumulative Certification levels to the CMMC:
Waterleaf is an expert in the requirements for CMMC compliance and can guide you on your journey. In addition, Waterleaf's Cyberleaf cybersecurity-as-a-service can be a key component in your compliance plan.