DFARS/CMMC Compliance Resource Center
Do you have questions about the Department of Defense’s new Cybersecurity Maturity Model Certification (CMMC) audit? You’re not alone; the path to becoming compliant can be confusing. This resource center is designed to help address questions you have about NIST, DFARS 252.204-7012 compliance, and preparing for a CMMC audit.
As NIST consultants, we have extensive experience helping businesses implement the NIST 800-171 cybersecurity framework to comply with DFARS and prepare for CMMC audits. We’ve taken many of the common questions we see companies asking and developed resources to help address them.
Frequently Asked Questions:
What is the National Institute of Standards and Technology (NIST)?
The National Institute of Standards and Technology (NIST) was founded in 1901 and was established to remove major challenges to U.S. industrial competitiveness at the time. In today’s world, NIST works with any company acting as a government contractor. The institute publishes a set of guidelines, including the 800 series, that outline the United States federal government’s computer security policies.
What is the NIST 800-171 cybersecurity framework?
In 2015, the Department of Defense published “DFARS,” which mandated that private DoD contractors adopt cybersecurity standards according to the NIST 800-171 cybersecurity framework. This is part of a government-led effort to protect the US Defense supply chain from foreign and domestic cyber threats.
What is the Cybersecurity Maturity Model Certification (CMMC)?
The DoD has released the Cybersecurity Maturity Model Certification (CMMC) to ensure appropriate levels of cybersecurity controls and processes are in place to protect contractor systems. The CMMC will encompass multiple maturity levels that range from “Basic Cybersecurity Hygiene” to “Advanced.” The intent is to identify the required CMMC level in the RFP and use it as a “go/no go” decision when evaluating vendors.
What kind of companies need to become CMMC compliant?
There are approximately 300,000 DoD contractors that are subject to CMMC. The DoD estimates that only 10% meet the standard as released. By FY26, all new DoD contracts will contain CMMC requirements. All DoD contractors should already be at Level 1, as that parallels some existing requirements. Level 3 is going to be the level that most contractors need to achieve to remain relevant.
Can my company pass a CMMC Compliance Audit without outside help?
There is a provision for self-audit, but experts do not believe that is wise. The cocktail of services you need to check all the boxes is really complicated to source and manage on your own. Finding a good partner that can provide critical components “as a service” is essential to moving towards compliance in a timely manner.
How do I find a partner to help my company pass our CMMC Compliance Audit?
The best partner is one with a dedicated cybersecurity team and extensive experience conducting CMMC assessments. Security is constantly changing and having a team of dedicated specialists with certifications in the security space can provide the peace of mind needed. Corsica has a team of NIST Consultants available to help, but it’s important you find whoever makes you feel most comfortable.
A Guide to CMMC Compliance
When it comes to CMMC compliance and control standards, certification is a go/no-go affair. And with DoD contracts on the line, it’s imperative to produce a hygienic cybersecurity environment the first time around.
Understanding the Interim Rule and how it relates to NIST 800-171 & CMMC compliance
This on-demand webinar looks at the CMMC Interim Rule and how it relates to NIST 800-171 and CMMC compliance.
CMMC Compliance Cheatsheet
This cheatsheet breaks down CMMC compliance at a high level, covering everything from its history to the fundamentals of compliance.
Request a CMMC Compliance Assessment
Our NIST Consultants perform a detailed assessment to help you meet steep compliance demands and pass your CMMC Certification audit with 100% confidence.
What Level of Cybersecurity Do DoD Contractors Need to Meet New CMMC Certification Regulations?
All DoD contractors are expected to be prepared for audits to begin, in which third-party auditors will determine the cyber hygiene level your business has achieved.