The Department of Defense (DoD) released the anticipated CMMC Proposed Rule in the Federal Register on December 26, 2023. The proposed new rule, CMMC 2.0, will require Defense Industrial Base (DIB) contractors and subcontractors to obtain their Cybersecurity Maturity Model Certification (CMMC). With a deadline for comments set for February 26, 2024, understanding the nuances of this proposal is critical for all defense contractors and subcontractors.

What You Need to Know: CMMC Program Overview

CMMC 2.0 introduces a certification process across three levels, each with specific security and assessment requirements.

  • Level 1: Involves an annual self-assessment for 15 basic security requirements, with results and a senior official’s affirmation entered in the Supplier Performance Risk System (SPRS).
  • Level 2: Requires contractors to verify every three years that they have implemented all 110 security requirements outlined in NIST SP 800-171 Rev 2. This verification can be done through a self-assessment or a certification assessment by a Certified Third-Party Assessment Organization (C3PAO).
  • Level 3: Entails a more rigorous assessment conducted every three years by the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC). This level focuses on 24 specific security requirements from NIST SP 800-172. Contractors at this level also need to submit annual affirmations.

Implementation Timeline

DoD has outlined a structured, four-phased implementation plan for the CMMC 2.0 program:

  • Phase 1 (0-6 months): Initial phase demands a Level 1 or 2 Self-Assessment as a condition for contract award. This phase focuses on establishing fundamental cybersecurity practices.
  • Phase 2 (6-18 months): Increases rigor by requiring a Level 2 Certification Assessment, which can be delayed to an option period, ensuring contractors have implemented all 110 security requirements outlined in NIST SP 800-171 Rev 2.
  • Phases 3 and 4: Escalate to full implementation, incorporating Level 2 and 3 Certification Assessments as standard contract award conditions. Phase 4, beginning one year after Phase 3, marks the complete rollout of the program.

OST’s Strategic Partnership with the CMMC Consortium

To ensure our clients are fully supported in this transition, OST Global Solutions has partnered with the CMMC Consortium. This consortium consists of Certified Third-Party Assessment Organizations (C3PAOs) and Registered Practitioner Organizations (RPOs), accredited by the Cybersecurity Maturity Model Certification Accreditation Body (Cyber AB). The “collective approach” provides essential knowledge in cybersecurity and leverages the members’ experience and unique technologies (AI/ML) to create efficiencies and reduce labor costs. Their approach translates complex cybersecurity requirements into clear terms, aiding understanding and compliance, and supports companies on their journey (RPO duties) and through the assessment (C3PAO duties). This is especially advantageous for small and medium-sized businesses, which obtain informative content in lay terms, practical solutions, and access to subject matter experts and resources.

Begin Your Certification Process Now

The journey to CMMC compliance can span 6 to 18 months. Starting now is crucial to avoid disruptions in your DoD contracts.

Ready to Take the Next Step?

Avoid falling behind on these critical changes. Schedule your consultation with OST today and stay ahead in the evolving world of defense contracting.

Schedule a Brief Consultation.

Overcoming Compliance Challenges Together

With OST and the CMMC Consortium, you’ll navigate the cost, complexity, and resource challenges of CMMC compliance efficiently. We’re here to support you from initial assessment to ongoing compliance, ensuring your smooth transition into the CMMC 2.0 era.

https://calendly.com/catapultbd/cmmc-conversation-ost-global

About CMMC Consortium

The CMMC Consortium includes half a dozen companies to support the increasing demand on the Defense Industrial Base (DIB) with the implementation of CMMC, including: Penacity (C3PAO), Summit Business Technologies (RPO), Captiva Solutions (RPO), Technology Business Solutions (RPO), Ronathan (Tech Co.), Compass (Tech Co.), Atsign (Tech Co.), and Catapult BD. We are accredited professionals, subject matter experts, and thought leaders in the cybersecurity world, and we bring significant DoD expertise. Our RPOs and C3PAOs are accredited by the Cyber AB, and many are part of the Maryland Cybersecurity Sellers program, which can help qualify for the tax credit.

In 2023 our Consortium expanded to include strategic partners like America’s SBDCs, Economic Development Authorities, MBDAs, APEXes, Large Primes and others across the country. We are based in the Washington DC Metro region but provide services across the U.S., to Hawaii and as far as Guam.

OST Global Solutions is a professional business development consulting firm. We have extensive experience in winning large, strategic bids. We can provide capture and proposal teams to develop a complete, winning proposal. Or we can provide consultants on a case-by-case basis to fill gaps on your business development team. Our services related to VICCS consist of capture management, strategic planning, competitive assessment, teaming and partnership development, and RFI response and interaction.
