The Department of Defense (DoD) released the anticipated CMMC Proposed Rule in the Federal Register on December 26, 2023. The proposed new rule, CMMC 2.0, will require Defense Industrial Base (DIB) contractors and subcontractors to obtain their Cybersecurity Maturity Model Certification (CMMC). With a deadline for comments set for February 26, 2024, understanding the nuances of this proposal is critical for all defense contractors and subcontractors.
What You Need to Know: CMMC Program Overview
CMMC 2.0 introduces a certification process across three levels, each with specific security and assessment requirements.
- Level 1: Involves an annual self-assessment for 15 basic security requirements, with results and a senior official’s affirmation entered in the Supplier Performance Risk System (SPRS).
- Level 2: Requires contractors to verify every three years that they have implemented all 110 security requirements outlined in NIST SP 800-171 Rev 2. This verification can be done through a self-assessment or a certification assessment by a Certified Third-Party Assessment Organization (C3PAO).
- Level 3: Entails a more rigorous assessment conducted every three years by the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC). This level focuses on 24 specific security requirements from NIST SP 800-172. Contractors at this level also need to submit annual affirmations.
Implementation Timeline
DoD has outlined a structured, four-phased implementation plan for the CMMC 2.0 program:
- Phase 1 (0-6 months): The initial phase requires a Level 1 or 2 Self-Assessment as a condition for contract award. This phase focuses on establishing fundamental cybersecurity practices.
- Phase 2 (6-18 months): Increases rigor by requiring a Level 2 Certification Assessment, which can be delayed to an option period, ensuring contractors have implemented all 110 security requirements outlined in NIST SP 800-171 Rev 2.
- Phases 3 and 4: Escalate to full implementation, incorporating Level 2 and 3 Certification Assessments as standard contract award conditions. Phase 4, beginning one year after Phase 3, marks the complete rollout of the program.
OST’s Strategic Partnership with the CMMC Consortium
To ensure our clients are fully supported in this transition, OST Global Solutions has partnered with the CMMC Consortium. This consortium consists of Certified Third-Party Assessment Organizations (C3PAOs) and Registered Practitioner Organizations (RPOs), accredited by the Cybersecurity Maturity Model Certification Accreditation Body (Cyber AB). The “collective approach” provides essential knowledge in cybersecurity and leverages the members’ experience and unique technologies (AI/ML) to create efficiencies and reduce labor costs. Their approach translates complex cybersecurity requirements into clear terms, aiding understanding and compliance, and supports companies through their journey (RPO duties) and through the assessment (C3PAO duties). This is especially advantageous for small and medium-sized businesses, which obtain informative content in lay terms, practical solutions, and access to subject matter experts and resources.
Begin Your Certification Process Now
The journey to CMMC compliance can span 6 to 18 months. Starting now is crucial to avoid disruptions in your DoD contracts.
Ready to Take the Next Step?
Avoid falling behind on these critical changes. Schedule your consultation with OST today and stay ahead in the evolving world of defense contracting.
Schedule a Brief Consultation.
Overcoming Compliance Challenges Together
With OST and the CMMC Consortium, you’ll navigate the cost, complexity, and resource challenges of CMMC compliance efficiently. We’re here to support you from initial assessment to ongoing compliance, ensuring your smooth transition into the CMMC 2.0 era.
https://calendly.com/catapultbd/cmmc-conversation-ost-global
About CMMC Consortium
The CMMC Consortium includes half a dozen companies that support the increasing demand on the Defense Industrial Base (DIB) with the implementation of CMMC. They include: Penacity (C3PAO), Summit Business Technologies (RPO), Captiva Solutions (RPO), Technology Business Solutions (RPO), Ronathan (Tech Co.), Compass (Tech Co.), Atsign (Tech Co.), and Catapult BD. We are accredited professionals, subject matter experts, and thought leaders in the cybersecurity world, and we bring significant DoD expertise. Our RPOs and C3PAOs are accredited by the Cyber AB, and many are part of the Maryland Cybersecurity Sellers program that can help qualify for the tax credit.
In 2023 our Consortium expanded to include strategic partners like America’s SBDCs, Economic Development Authorities, MBDAs, APEXs, Large Primes and others across the country. We are based in the Washington DC Metro region but provide services across the U.S., to Hawaii and as far as Guam.
OST Global Solutions is a professional business development consulting firm. We have extensive experience in winning large, strategic bids. We can provide capture and proposal teams to develop a complete, winning proposal. Or we can provide consultants on a case-by-case basis to fill gaps on your business development team.