AUGUST 12, 2021
ALEXANDRIA, Va. – In 2016, the Council of Economic Advisors, an agency within the Executive Office of the President, estimated that malicious cyber activity cost the U.S. economy between $57 billion and $109 billion. As a result, the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 was developed to provide defense contractors a list of 110 security requirements for protecting the confidentiality of controlled unclassified information (CUI).
In an effort to further increase the security and resiliency of the Defense Industrial Base (DIB) – companies involved in supply chains tied to government contracts – the U.S. Department of Defense (DOD) launched the Cybersecurity Maturity Model Certification (CMMC) as a unified standard to assess a company’s cybersecurity strength. CMMC also allows the federal government to gauge if certain companies are suitable to handle sensitive Department of Defense (DOD) information.
The CMMC includes a total of five different “levels” of varying cybersecurity maturity. These levels are intended to gauge how matured an organization’s information security practices are. Each level builds upon the previous one, adding more security controls with each increase in level.
To become CMMC certified, defense contractors must be assessed by an authorized and accredited CMMC Third Party Assessment Organization (C3PAO). While there are no qualified C3PAOs yet, the CMMC Accreditation Body (CMMC-AB) is working to authorize and accredit organizations in accordance with DoD requirements as soon as possible.
With all Department of Defense contracts needing to meet CMMC requirements by 2025, it’s imperative that contractors who work with the DoD get started on achieving CMMC certification.
Planate Management Group (Planate) is at the forefront of securing CMMC certification to enhance the protection of controlled unclassified information (CUI) and intellectual property (IP) within the supply chain of the U.S. Defense Industrial Base. Our IT team brings a wealth of information security and risk management experience and works to ensure that Planate is fully compliant and managing all possible risks. The team operates 24/7, always monitoring and on call for security-related events. We continually provide our employees with various information security and CUI handling training to ensure they are up to date on the latest protections.
Planate is currently in the final stages of preparation to become CMMC Level 3 certified and will be ready for assessment as soon as an authorized and accredited C3PAO becomes available.