The role of cybersecurity has never been more prevalent than it is today. Safeguarding controlled government and military data from unauthorized disclosure is not only critical to our national security but also to economic freedom. Up until now, companies that process sensitive government data, whether directly or as a sub-contractor, have only been required to self-attest as to their knowledge of relevant regulatory requirements. In many aspects, self-attestation has proven unsuccessful as evidenced by notable breaches of critical government information in both the public and private sector. Over the past few years, data breaches, ransomware attacks and other cybercrimes have only continued to climb.
Due to this increase in cyberattacks on United States federal, state, local governments as well as private and public companies, the U.S. Department of Defense (DoD) has mandated a higher level of assessment by a third party – the Cybersecurity Maturity Model Certification (CMMC). CMMC is a unified standard for implementing cybersecurity controls based on the National Institute of Standards and Technology NIST 800-171. The mandate is for the protection of controlled unclassified information (CUI) as well as Federal Contract Information (FCI) at maturity levels 1 and 2 across the defense industrial base (DIB). The DIB supply chain includes over 300,000 companies.