The Cybersecurity Maturity Model Certification (CMMC) was created to enhance the cybersecurity posture of companies participating in US government supply chains. As of December 31, 2017, defense and government suppliers had to comply with NIST 800-171. Starting in 2020, the DoD will gradually transition federal contract information to include CMMC instead of NIST 800-171.
As of December 31, 2017, companies that provide parts and services for suppliers serving federal and local governments must comply with the NIST 800-171 mandate. There have been some recent changes in how compliance is managed for this mandate.
To increase the cybersecurity posture of companies operating in government supply chains, the Department of Defense announced the creation of the Cybersecurity Maturity Model Certification (CMMC) in 2019, and a draft was made available. On January 30, 2020, the DoD released Version 1.0 to the public.
As of December 31, 2017, companies that provide parts and services for suppliers serving the government were required to be compliant with the NIST 800-171 mandate. Starting in 2020, a new certification will be required: Cybersecurity Maturity Model Certification.
Companies across all industries have taken steps to protect their data and prevent cybercrime. The use of information security frameworks grew out of a need for organizations to follow a set of steps to protect information. By selecting a cybersecurity framework, companies could adopt a set of policies and procedures around the implementation and ongoing management of information security controls in an enterprise environment.
Now that the deadline to comply with the NIST 800-171 mandate has passed (as of December 31, 2017), hopefully you are sitting back, comfortable in the knowledge that you have taken the necessary steps to ensure your company is meeting the cybersecurity guidelines required by the Department of Defense (DoD), providing you a competitive advantage over other manufacturers.