The DoD Cybersecurity Maturity Model Certification (CMMC) Video talks about the new cybersecurity standard requirements – the CMMC – for Defense Industrial Base “DIB” contractors and subcontractors.
What is it?
• CMMC is the abbreviation for Cybersecurity Maturity Model Certification.
• It is designed to provide assurance to the Department of Defense (DoD) that Defense Industrial Base (DIB) contractors can protect Controlled Unclassified Information (CUI) at a level commensurate with the risk.
Why is CMMC being created?
The DoD will specify the required CMMC level for each contract in its Requests for Information (RFIs) and Requests for Proposal (RFPs).
• Malicious cyber activities cost the U.S. up to $109B per year.
• Nation-state threat actors actively target DIB companies (roughly 300,000+ companies).
• Department of Defense will enhance cyber security for all DIB companies.
• CMMC will serve as a verification mechanism. It will ensure that appropriate levels of cyber security practices and processes are in place. Additionally, it will protect controlled unclassified information (CUI) on the DIB contractor’s networks.
Who needs to get CMMC?
• All Defense Industrial Base companies (prime and subcontractors) must obtain CMMC.
• DIB companies are required to meet FAR Clause 52.204-21 to safeguard Federal Contract Information (FCI). They are required to be certified at CMMC Level 1 (minimum) even if they do not possess CUI.
• The CMMC level required of a subcontractor depends on the type and nature of the information that flows down from its prime contractor.
• Exception: Makers of Commercial-Off-The-Shelf (COTS) products do not require a CMMC certification.
Who will perform CMMC Assessments?
• Only CMMC Third Party Assessment Organizations (C3PAOs) and individual assessors that have been approved by the CMMC Accreditation Body (CMMC-AB) can perform official CMMC assessments.
KLC Consulting has applied to be a C3PAO
KLC Consulting has applied to be a Certified 3rd Party Assessment Organization (C3PAO) with the Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB).
CMMC Model Framework
A Process is a specific procedural activity that is required to be performed in order to achieve a capability level.
A Practice is a specific technical activity that is required and performed to achieve a specific level of cyber security maturity for a given capability within a domain.
CMMC Model Structure
CMMC Maturity Process Progression
CMMC Practice Progression
How to prepare for CMMC Assessments
• It takes time, dedicated resources, and investment to implement good cyber security processes and practices. We recommend clients get started as soon as possible!
• Stay up to date with the official DoD CMMC and its accreditation body pronouncements.
• Become familiar with the CMMC Levels and type of information that may apply to the work your organization does with the DoD / prime contractors.
• Seek out professional assistance from third-party organizations like KLC Consulting; we provide expert advisory CMMC Consulting Services to help your organization prepare for CMMC.
How Can KLC Consulting Help?
Preparation: We’re CMMC Consultants. We’ll help you understand the CMMC requirements, review your existing contract and future plans. Furthermore, we’ll perform gap analysis and work with you to design and implement processes and practices required by your CMMC level.
Experience: KLC consultants hold top industry certifications and have extensive experience with the Risk Management Framework (RMF), NIST 800-53, NIST 800-171, and the NIST Cybersecurity Framework (CSF), along with thorough knowledge of the latest DoD CMMC certification requirements.
Contact: Please hit the button below to inquire about CMMC or our CMMC Consulting Services. We’d be happy to hear from you!
Please visit our channel on for other free resources and cybersecurity discussion topics, and LIKE and SUBSCRIBE!