Cybersecurity Maturity Model Certification (CMMC)

Cybersecurity protecting government-controlled information has become a sensitive topic. Companies and subcontractors that conduct business with the U.S. Department of Defense (DoD) will have to certify, and potentially overhaul, their cybersecurity controls and policies to comply with the Cybersecurity Maturity Model Certification (CMMC) or face a tremendous impact to their bottom line. Whether your organization works directly with the federal government or is a subcontractor, the requirements of the DFARS Interim Final Rule and the newly announced CMMC 2.0 guidelines apply. Failure to comply with these requirements could prevent future contracts, task orders or delivery orders awards. But, worse than that, failure to comply could bring litigation under the False Claims Act. Certainly, it’s a position in which no company wants to find itself.

Depending on your compliance level, an annual self-assessment with affirmation from senior company leadership or a triennial third-party assessment is required. This differs from the previous CMMC version 1.0 requirements of triennial assessments across all levels but adds additional accountability with annual assessments and affirmation required from senior company leadership. The Pentagon is moving up the expected timeline for release of interim rules to implement CMMC 2.0 to March 2023.

It is recommended that when working with a federal government contractor, you ask about their approach to providing correct cyber liability coverage that meets their unique company needs. Our AssuredPartners Government Contractor Solutions team is there to help you craft that solution. Contact the team today to find out exactly how we can best support you by keeping risks to a minimum.