It is a good time for prime contractors and their subcontractors to start thinking about compliance with the latest iteration of the Cybersecurity Maturity Model Certification Program, according to Carahsoft Technology’s Alex Whitworth.
Imminent CMMC Rollout
With all other legal requisites cleared and only the publication of the Defense Federal Acquisition Regulation Supplement rule remaining, CMMC is expected to begin rolling out in 2025, including the incorporation of CMMC requirements into contracts with the Department of Defense and related agencies, said Whitworth, a sales director at Carahsoft, in a column published on Feb. 14.
The rollout is set to take place over four phases. During the first phase, businesses will have to undergo self-assessments to demonstrate that they are compliant with the cybersecurity maturity level required by the contract they are aiming for. During the second phase, businesses aiming for Level 2 maturity contracts will have to undergo assessment by third-party evaluators approved by the Cyber AB.
Preparations for CMMC Compliance
Whitworth said that businesses that have yet to prepare for CMMC should begin doing so in order to deliver or undergo these assessments, especially given the limited number of assessors, which may result in scheduling difficulties. Primes in particular would have to put in place a process to validate the CMMC maturity level of their subcontractors as part of their responsibilities under the program.
Whitworth went on to note that complying with CMMC can be costly and time-consuming, but it is also critical to federal data security. He said that Carahsoft can help businesses seeking to meet CMMC requirements by fostering connections with service providers, subject matter experts and consultants. Carahsoft can also provide businesses with the right technology as well as resources that can help them make informed decisions concerning CMMC.