DoD Contractors

Organizations working with the US DoD (Department of Defense) are held to increasingly stringent cybersecurity requirements. Since 2018, the DoD has required all defense contractors to be compliant with NIST 800-171, a government standard that lists 110 essential security controls. However, compliance has proved difficult for many prime and sub-contractors, particularly for small organizations.

To enforce universal contractor compliance with cybersecurity standards, the DoD has developed the Cybersecurity Maturity Model Certification (CMMC). This process requires defense contractors and sub-contractors to undergo a third-party audit, then receive a CMMC assessment (Level 1-5).

Beginning later in 2020, Requests for Proposals will begin requiring contractors to list their Cybersecurity Maturity Model Certification (CMMC) level. Over the next few years, CMMC compliance will be mandatory to bid on any DoD contracts.

How We Can Help

“The whole purpose of the CMMC was making a unified standard so that we could lower the barrier entry for non-traditional [contractors] and small businesses… We are willing to pay for what we need our industry to be able to do.”

Katie Arrington
Chief Information Security Officer, DoD Acquisitions
Contact Us

Questions about NIST 800-171 or CMMC?

Let us know how we can help!