Summit 7, a provider of managed services to Department of Defense contractors, has released guidance meant to help businesses prepare for the Cybersecurity Maturity Model Certification rule, which has been finalized. The company said Tuesday that it will also hold a webinar on Nov. 7 that will tackle the rule’s implications and what businesses should expect.
The CMMC Program
The CMMC Program seeks to ensure that government contractors have the capabilities in place that meet the standards for protecting federal contract information and controlled unclassified information from cybersecurity threats. Compliance will be determined either through a company’s self-assessment or assessment by a third-party organization or the Defense Industrial Base Cybersecurity Assessment Center, depending on the level of security required by the information being protected.
The Final CMMC Rule
The final rule for the CMMC Program, formally referred to as 32 CFR Part 170, was made publicly available via the Federal Register on Oct. 15. Among other things, the finalized rule works to make compliance with standards simpler and more streamlined for small- and medium-sized businesses.
Commenting on the issuance, Summit 7 CEO Scott Edwards said, “The finalization of CMMC Program Rule marks the culmination of nearly a decade of rulemaking intent on improving the cybersecurity posture of America’s defense supply chain.”
Supporting Compliance
Edwards went on to say that Summit 7 is prepared to assist defense companies in their efforts to meet CMMC requirements.
In support of such efforts, Summit 7 said businesses could use its offerings. Options include the CMMC Pathfinder Tool, which works to help with the development or refinement of compliance plans; the MSP Cost Benefit Analysis service, which can be used to justify to company leadership the investment needed for compliance; and the Level 2 Gap Analysis service, which can help a company determine its progress in meeting CMMC requirements.