[Live] CMMC 2.0 Ongoing Updates

[Live] CMMC 2.0 Ongoing Updates

GET THE LATEST CMMC 2.0 UPDATES HERE!

2022 – Q4

CMMC: The Latest

• Rule to be sent to OIRA October 2022.
• Final interim/proposed rule to be released March 2023.
• Rule in contracts beginning May 2023.
• CMMC compliance takes 9-12 months.
• Sec. 866 of the 2022 NDAA requires a report on the impact of
CMMC on small businesses within 180 days. The report must
include:
− the estimated costs of complying with each level of the
framework;
− any decrease in the number of small business concerns that
are part of the defense industrial base resulting from the
implementation and use of the framework; and
− an explanation of how the Department of Defense will mitigate
the negative effects to small business concerns that are part
of the defense industrial base resulting from the
implementation and use of the framework.”

2022 – Q3

CMMC: The Latest

• How it will work:

− DoD entered into an MOU (and now contract) with a
single CMMC Accreditation Body (AB).
− The AB will implement the CMMC model, train and
certify assessors, and evaluate assessments. The
AB sits between DoD and the contractors.
− There will be three levels of assessment with the
third being the most stringent.
− DoD will assign a CMMC rating to each contract
and only contractors that have had a successful
assessment at that rating can perform.
− It is unknown who will assign certification levels
required to subcontractors and enforce that.

How to Receive Funding for DoD Cybersecurity Compliance

How to Receive Funding for DoD Cybersecurity Compliance

The DoD Cybersecurity Compliance is the Cybersecurity Maturity Model Certification (CMMC 2.0).

What is this?

The CMMC program is aligned to DoD’s information security requirements for Defense Industrial Base partners (those of whom create products or services that allow for the sustainability or deployment of military operations).

Why’s it important?

Michigan Cyber Defense is created a CyberSmart program that provides $22,500 to small to medium-sized businesses to help obtain the CMMC 2.0.

My company sells products or services for the military… How do I get $22,500 for CMMC 2.0?

Talk to us – we’re a pre-approved CyberSmart resource for the state of Michigan. 

We conduct your gap analysis and can assist in writing your System Security Plan and Plan of Actions and Milestones. Moreover, we can help you become certified. 

How do I know if I need the CMMC 2.0 Compliance?

If you create products or services for the military, you need the compliance. If you create products or services for another company that works with the military, you’re going to need the compliance. 

Many times, we say that if you’re ITAR certified, you’re going to need the CMMC 2.0 certification. 

What if I do nothing?

After 2025, you will no longer be eligible to sell products directly or indirectly (prime or subcontractor) to the DoD or Aerospace industries. 

How long is the State of Michigan providing grant funds for becoming CMMC 2.0 certified?

Until October 2023, but we recommend getting started right away.