How Did We Get Here

Executive Order 13556 signed by President Obama in 2010, directing all Federal agencies to safeguard their Controlled Unclassified Information (CUI) and establishing a unified policy for all agencies to follow for data sharing and transparency. ​DFARS Clause 252.204-7012 requires contractors / sub-contractors to:

  • Provide adequate security to safeguard covered defense information that resides on or is transiting through a contractor’s internal information system or network
  • Report cyber incidents that affect a covered contractor information system or the covered defense information residing therein, or that affect the contractor’s ability to perform requirements designated as operationally critical support​
  • Submit malicious software discovered and isolated in connection with a reported cyber incident to the DoD Cyber Crime Center​
  • Submit media (if requested) and additional information to support a damage assessment​
  • Flow down the clause in subcontracts for operationally critical support, or for which subcontract performance will involve covered defense information.​

Since December of 2017, Department of Defense (DoD)Contactors were required to assess and document thier compliance in accordance with NIST 800-171 to self attest thier compliance with the DFARS Clause. DoD contractors are now required to comply using a maturity model in accordance with CMMC Levels 1 through 5. CMMC dictates how contractors and sub-contractors doing business with Federal agencies should manage and control CUI.

  • Details the security requirements to protect confidentiality of Federal Contract Information, CDI, or CUI on non-Federal information systems.​
  • Security requirements are organized into 14 control families​
  • Each family contains the requirements related to the general security topic of the family, and contain a total of 110 individual controls/ requirements.​

Why Do We Need CMMC

  • Billions of Dollars Stolen
  • Safety of Our Service Members Relying on Technology DoD Purchased
  • Damage to Our Economy
  • Damages to Our Companies from Insider Threats

What Are The Challenges

  • Cost of implementation
  • Interpretation of The Requirements
  • What Solutions Are Needed
  • What Is and Is Not Compliant
  • How to Remain Price Competitive

CMMC present many challenges to DoD contractors Let Us Help