Fairfax, Newport News, and Virginia Department of Defense (DoD) contractors and subcontractors will soon be required to comply with the new Cybersecurity Maturity Model Certification (CMMC) standard. The new standard is designed to help counteract the significant increase in the compromises of sensitive defense information which is shared across the defense industrial base. In the past, DoD contractors have been responsible for maintaining certain cybersecurity practices, but under CMMC new requirements are added such as third-party assessments of compliance coupled with more robust protections. All DoD contractors will need to be compliant with CMMC to continue doing business with the DoD.
5 Levels of CMMC
Phased in over a five-year period, CMMC includes 5 maturity levels based on a Virginia DoD contractor’s access to Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). The first maturity level known as basic cyber hygiene requires the use of antivirus and passwords to control FCI. The requirements become more complex reaching a pinnacle with Level 5, Optimizing, which requires standardized processes to address Advanced Persistent Threats (APT).
Virginia Top DoD Spending Locations
Newport News CMMC Services
Many Newport News DoD contractors need assistance performing initial assessments to uncover issues and establish corrective actions. Our team has almost 20 years of experience providing cybersecurity on major frameworks such as NIST SP 800-171, NIST SP 800-53, HIPAA, and others. As CMMC RPO, our team can help DoD prime and subcontractors with the following:
- Readiness Assessments and Gap Analyses Against the CMMC Framework
- Assistance with Remediating Gaps Identified during Readiness Assessment
- Assistance with NIST SIP 800-171 Self-Assessment that is recorded in Supplier Performance Risk System