What DoD Contractors Need to Know About the CMMC

Topic: Business Networking

By Michael Peters

Cyberattacks on the U.S. government’s vast network of contractors and subcontractors pose a serious threat to national security, and the DoD is taking action. The agency tasked NIST with developing a set of guidelines addressing advanced persistent threats against contractors who handle high-value data assets, and it recently unveiled plans for its own set of standards, the Cybersecurity Maturity Model Certification (CMMC).

What is the CMMC?

The CMMC will be developed in partnership with Johns Hopkins Applied Physics Lab and Carnegie Mellon University Software Engineering Institute. The goal is to combine a number of existing cyber security control standards, such as NIST 800-171, NIST 800-53, ISO 27001, ISO 27032, and FedRAMP, into one unified standard. In addition to assessing a contractor’s implementation of controls, the CMMC will also assess the maturity of the company’s institutionalization of cybersecurity practices and processes.

Assessments will be conducted by third-party auditors, and companies will receive a score indicating the maturity and sophistication level of their controls. There will be five CMMC levels, ranging from “Basic Cybersecurity Hygiene” to “Advanced.” The DoD has indicated that the CMMC will be a dynamic framework so that it is able to adapt to new and emerging cyber threats. A neutral third party will be responsible for maintaining the standard.

How will the CMMC affect DoD contractors?

DoD prime contractors have been held to higher cyber security standards since 2017, but typically, those primes outsource some of their work to subcontractors, who then have subcontractors under them. It’s these contractors, at tier two or below, that the CMMC is primarily aimed at. Many times, they are small companies that do not have robust cyber security defenses, which is why hackers target them. However, while the DoD has stressed that all areas of the federal supply chain must be secured, it has not yet gone into specifics regarding how the CMMC will flow down to subcontractors.

The DoD wants to implement CMMC in January 2020, include CMMC level requirements in RFIs by June 2020, and include them in sections L and M of RFPs by September 2020. CMMC levels will be used as a “go/no-go decision.” The CMMC level required will depend on the nature of the CUI (controlled unclassified information) the contractor will be handling or processing. However, all companies conducting business with the DoD will be required to be CMMC certified, even if they do not handle CUI.

Recognizing that smaller subcontractors may be on tight budgets, the DoD is striving to make CMMC certification affordable. Additionally, IT security will be an allowable expense on contracts moving forward, so companies can modify their rates to reflect the new standards.

Getting ready for the CMMC

The DoD is conducting a “CMMC Listening Tour” to solicit feedback from defense contractors; sessions are currently scheduled through August. Early preparation for the new requirements will be the key to success. Now is the time to reevaluate your data environment, cyber security policies and procedures, and compliance processes. Since the CMMC will be partially based on NIST 800-171, ensuring that your company meets at least those standards will make the CMMC certification process smoother.

About the Author

Michael Peters is the CEO of Lazarus Alliance, Inc., the Proactive Cyber Security™ firm, and Continuum GRC. He has served as an independent information security consultant, executive, researcher, and author. He is an internationally recognized and awarded security expert with years of IT and business leadership experience and many previous executive leadership positions. He has contributed significantly to curriculum development for graduate degree programs in information security, advanced technology, cyberspace law, and privacy, and to industry standard professional certifications. He has been featured in many publications and broadcast media outlets as the “Go-to Guy” for executive leadership, information security, cyberspace law, and governance.
