Cybersecurity Maturity Model Certification
MSS Global is currently preparing to become a Certified 3rd Party Assessment Organization (C3PAO) in support of DOD and the CMMC Accreditation Body (CMMC-AB). MSS Global expects to become an accredited CMMC C3PAO once accreditation is available. We intend to have select auditors attend requisite training and testing as soon as it available from the CMMC-AB. We intend to begin offering CMMC auditing services as soon as both the company and our auditors receive all required credentials from the CMMC-AB.
What is CMMC?
The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity across the defense industrial base (DIB).
The current state of play, and DOD expectations
DOD intends to begin including the requirement for CMMC in solicitations beginning in the second half of 2020. They anticipate full adoption over a 3 to 5-year period via the DOD solicitation/ recompete cycle. The CMMC level required will be specified in the solicitation. DOD has stated that they anticipate that approximately 85% of DOD contracts will require Level 1 certification, with the majority or the rest requiring Level 3. Level 4 and 5 certifications will be required sparingly and only for the most sensitive requirements.