In the wake of the Microsoft security breach in March, I thought it was time for a reminder about the slow, but inevitable Department of Defense cybersecurity requirement rollout. The Cybersecurity Maturity Model Certification (CMMC) requirements were implemented in about 15 solicitations in FY21. The idea is to have all DoD contracts (including SBIRs) to include some levels of CMMC requirements by FY2026. Given the habits that are required for good cybersecurity hygiene, it doesn’t hurt to start the process.
Why the change? While security habits have been required for many contracting awards, most of those requirements were self-certified. A company could state that they met the various NIST 800 standards and incur the consequences if problems arose. With rising concerns about foreign agents and stolen IP, CMMC now requires certified auditors to validate that your company is indeed following the security hygiene requirements.
What do I need? CMMC is a multi-level, additive set of protocols that are built off the NIST 800 standards. Each level builds off the previous level to meet your contract’s required security hygiene protocols and includes steps around digital, cyber, in-person and document security management. To be successful, your company will need to understand, incorporate, indoctrinate and maintain records and policies around your company’s implementation of these security protocols.
Where do I begin? Tune into some free webinars hosted by Project Spectrum. The Wisconsin Procurement Institute also hosts webinars on emerging cybersecurity requirements. You can also learn more through the CMMC accrediting organization.
The bottom line is that starting early may reduce your anxiety as you get ahead of the process and take advantage of this onboarding period. These protocols encourage habits, which can take time to spread in the organization. Furthermore, by delaying you risk missing out on contracting and sub-award opportunities. In these next few years, DoD contracts and programs like TABA will provide funding to help your business become compliant in the SBIR program. Reach out now to the Wisconsin CTC or partners in the Small Business network to help you get ready.
