Cybersecurity Maturity Model Certification Update

The Cybersecurity Maturity Model Certification (CMMC), a unified standard for implementing cybersecurity across the defense industrial base (DIB) sector, including government contractors and suppliers, has been a requirement for years. Despite the requirement, enforcement of CMMC has been weak. There are many reasons for this; however, the Department of Defense (DOD) is rapidly making changes to ensure enforcement.

The need for cybersecurity is growing throughout the federal government across all agencies and government contractors. To address this need, the CMMC framework consists of five maturity levels, each building upon the previous one. CMMC certification is required for any organization that wishes to bid on DOD contracts that handle sensitive government information.

As evidence of a move to improve enforcement efforts across all sectors, the White House is expected to issue an implementation plan for a new national cyber strategy in early summer 2023. In the coming weeks, officials will seek public comment on how to coordinate a growing patchwork of cybersecurity regulations.

The Biden administration’s recently issued national cyber strategy calls for establishing minimum cybersecurity requirements for critical infrastructure sectors. The document is a departure from historical approaches to critical infrastructure cybersecurity that have relied on voluntary security standards and programs.

If you’re doing business with the DOD, directly or indirectly, review this article from the AssuredPartners Government Contractor Solutions team.

When working for the federal government, it’s essential that you understand the cybersecurity requirements and have adequate cyber liability coverage. The AssuredPartners Government Contractor Solutions team is there to help you craft that solution.