The Department of Defense (DOD) has issued a mandate requiring all government contractors and their teaming partners supporting the DOD to provide assurance at one of five maturity model levels. The vision for this program at the DOD states: “Be a unified cybersecurity standard for DOD acquisitions to reduce exfiltration of Controlled Unclassified Information (CUI) for the Defense Industrial Base (DIB).”
The CMMC Standard has been issued in draft format and has components of requirements from ISO, NIST and other frameworks. All DOD contractors and their subcontractors and teaming partners will be required to evidence some level of maturity by achieving certification.
To be ready to obtain certification, organizations need to ensure they meet the requirements of the CMMC standard. Many clients who already have an ISO 27001 certification or have implemented controls against NIST 171 may have a solid foundation.
Radian Compliance has created a series of toolkits to support organizations in implementing the CMMC requirements:
- For organizations with ISO 27001 in place, the toolkit will streamline the CMMC standard into existing or new controls.
- For organizations wanting to ensure a Level 3 Maturity rating by implementing the ISO 27001 standard and including the CMMC requirements, the toolkit is added to our existing pre-certification methodology.
- For organizations scoping only CMMC requirements for the DOD, the toolkit will provide the necessary support to make decisions and implement the controls appropriate to the business needs.
Radian will apply our 100% successful methodology with the CMMC Standard with:
For more information, please visit the Cybersecurity Maturity Model Certification website.