According to a Washington Technology article, the agenda of the White House’s Office of Information and Regulatory Affairs (OIRA) says that the Department of Defense (DoD) expects to release its final proposed rules on CMMC in June 2023. Since these rules will be open to the public for comment, we will likely see CMMC operational in 2024.
With that said, the time to prepare is now.
How to Get Prepared:
The following options are available for DIB suppliers:
- Meet requirements in-house: DoD contractors or suppliers who have the resources and IT staff available can meet the appropriate CMMC level of cybersecurity in-house. Internal IT departments can use the “Self Assessment Handbook – NIST Handbook 162” provided by the National Institute of Standards and Technology (NIST). NIST created this handbook to assist U.S. contractors who provide products and services for the Department of Defense. Unfortunately, this handbook only covers NIST SP 800-171 Rev. 1, and there is currently no Self Assessment Handbook for NIST SP 800-171 Rev. 2. NIST has also made available a System Security Plan (SSP) template, and a template — two required documents for compliance.
- Get assistance from a CMMC RPO: DoD contractors who do not have the in-house expertise to meet the requirements of NIST SP 800-171 have the option of working with a third-party CMMC consultant, like SysArc, who offers CMMC compliance services. There are many qualified and experienced Managed Security Service Providers (MSSPs) in the U.S. who specialize in compliance services and monitored cybersecurity for DoD contractors who need to implement NIST cybersecurity controls. A qualified MSSP will be able to perform this assessment and any remediation work necessary to pass a CMMC Audit. Look for MSSPs who have obtained CMMC RPO status AND have qualified and experienced CMMC experts on staff. An updated list of verified RPOs by the CMMC Accreditation Body can be found here.
For more information on SysArc’s solutions for CMMC compliance, consider requesting a consultation here. Our team is happy to learn about your business and walk you through our process and associated costs to prepare for CMMC.