The Department of Defense (DoD) released the anticipated CMMC Proposed Rule in the Federal Register on December 26, 2023. The proposed new rule, CMMC 2.0, will require Defense Industrial Base (DIB) contractors and subcontractors to obtain their Cybersecurity Maturity Model Certification (CMMC). With a deadline for comments set for February 26, 2024, understanding the nuances of this proposal is critical for all defense contractors and subcontractors.
What You Need to Know: CMMC Program Overview
CMMC 2.0 introduces a certification process across three levels, each with specific security and assessment requirements.
- Level 1: Involves an annual self-assessment for 15 basic security requirements, with results and a senior official’s affirmation entered in the Supplier Performance Risk System (SPRS).
- Level 2: Requires contractors to verify every three years that they have implemented all 110 security requirements outlined in NIST SP 800-171 Rev 2. This verification can be done through a self-assessment or a certification assessment by a Certified Third-Party Assessment Organization (C3PAO).
- Level 3: Entails a more rigorous assessment conducted every three years by the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC). This level focuses on 24 specific security requirements from NIST SP 800-172. Contractors at this level also need to submit annual affirmations.
Implementation Timeline
DoD has outlined a structured, four-phased implementation plan for the CMMC 2.0 program:
- Phase 1 (0-6 months): Initial phase demands a Level 1 or 2 Self-Assessment as a condition for contract award. This phase focuses on establishing fundamental cybersecurity practices.
- Phase 2 (6-18 months): Increases rigor by requiring a Level 2 Certification Assessment, which can be delayed to an option period, ensuring contractors have implemented all 110 security requirements outlined in NIST SP 800-171 Rev 2.
- Phases 3 and 4: Escalate to full implementation, incorporating Level 2 and 3 Certification Assessments as standard contract award conditions. Phase 4, beginning one year after Phase 3, marks the complete rollout of the program.
OST’s Strategic Partnership with the CMMC Consortium
To ensure our clients are fully supported in this transition, OST Global Solutions has partnered with the CMMC Consortium. This consortium consists of Certified Third-Party Assessment Organizations (C3PAOs) and Registered Practitioner Organizations (RPOs), accredited by the Cybersecurity Maturity Model Certification Accreditation Body (Cyber AB). The “collective approach” provides essential knowledge in cybersecurity, leverage their experiences and unique technologies (AI/ML) to create efficiencies and reduce labor costs. Their approach translates complex cybersecurity requirements into clear terms, aiding understanding and compliance and supporting companies (RPO duties) through their journey and through the assessment (C3PAO duties). This is especially advantageous for small and medium-sized businesses, obtaining informative content in lay terms, practical solutions, and access to subject matter experts/resources.
Begin Your Certification Process Now
The journey to CMMC compliance can span 6 to 18 months. Starting now is crucial to avoid disruptions in your DoD contracts.
Ready to Take the Next Step?
Avoid falling behind on these critical changes. Schedule your consultation with OST today and stay ahead in the evolving world of defense contracting.
Schedule a Brief Consultation.
Overcoming Compliance Challenges Together
With OST and the CMMC Consortium, you’ll navigate the cost, complexity, and resource challenges of CMMC compliance efficiently. We’re here to support you from initial assessment to ongoing compliance, ensuring your smooth transition into the CMMC 2.0 era.
https://calendly.com/catapultbd/cmmc-conversation-ost-global
About CMMC Consortium
The CMMC Consortium includes half a dozen companies to support the increasing demand on the Defense Industrial Base (DIB) with the implementation of CMMC, which include: Penacity (C3PAO), Summit Business Technologies (RPO), Captiva Solutions (RPO), Technology Business Solutions (RPO), Ronathan (Tech Co.), Compass (Tech Co.), Atsign (Tech Co.), and Catapult BD. We are accredited professionals, subject matter experts, and thought leaders in the cybersecurity world, and we bring with significant DoD Expertise. Our RPO‘s & C3PAO’s are accredited by the Cyber AB and many are part of the Maryland Cybersecurity Sellers program that can help qualify for the tax credit.
In 2023 our Consortium expanded to include strategic partners like Americas SBDC’s, Economic Development Authorities, MBDA’s, APEX’s, Large Primes and others across the country. We are based in the Washington DC Metro region but service across the U.S. to Hawaii and as far as Guam.
OST Global Solutions is a professional business development consulting firm. We have extensive experience in winning large, strategic bids. We can provide capture and proposal teams to develop a complete, winning proposal. Or we can provide consultants on a case-by-case basis to fill gaps on your business development team.
OST Global Solutions is a professional business development consulting firm. We have extensive experience in winning large, strategic. We can provide capture and proposal teams to develop a complete, winning proposal. Or we can provide consultants on a case-by-case basis to fill gaps on your business development team. Our services related to VICCS consist of capture management, strategic planning, competitive assessment, teaming and partnership development, and RFI response and interaction.
Upcoming Bid & Proposal Academy Classes
Writing Persuasive Government Proposals
OST Global Solutions 7361 Calhoun Place, Suite 560, Rockville, MD, United StatesThis proposal writing course shows how to develop compliant and highly persuasive proposal sections in half the time, to increase your Government proposals' win probability. Learn to outline within the proposal sections for compliance and responsiveness, brainstorm as a group and individually to develop proposal section content, infuse proper structure and flow into your sections, and implement the correct writing process. Learn proposal persuasion techniques.
Proposal Editing Workshop
OST Global Solutions 7361 Calhoun Place, Suite 560, Rockville, MD, United StatesThis class teaches how to edit Government proposals while working with a proposal team. Not another English grammar class, this course teaches proposal-specific professional editing skills to improve your proposals' Pwin.
Competitive Analysis: Black Hat & Price to Win (PTW)
OST Global Solutions 7361 Calhoun Place, Suite 560, Rockville, MD, United StatesThis training covers Black Hat and Price to Win (PTW) analyses that are the backbone of the competitive analysis, and are indispensable in the highly competitive world of winning Government proposals. Master the techniques for identifying competitors; using sources for quantitative and qualitative information; organizing Black Hat sessions; devising competitors’ approach; performing SWOT analysis; postulating competitors’ win strategies; following a disciplined PTW development process; performing labor rate analysis; and more.
