Do you have questions about the new cybersecurity certification? If so, this episode will help you answer those questions. We sat down with Adam Austin from Totem Technologies to discuss How to Navigate the CMMC Certification. You will learn about the current requirements for DoD contractors, how those requirements are currently being assessed, how the CMMC model is going to impact small businesses, and a lot more.
CMMC Q & A with Adam Austin:
Q: What is CMMC?
A: Stands for Cybersecurity Maturity Model Certification (CMMC). It is a new requirement for ALL Department of Defense contracts starting in the fall of 2020 or sometime in 2021. The CMMC will encompass multiple maturity levels that range from “Basic Cybersecurity Hygiene” to “Advanced/Progressive”. The intent is to incorporate CMMC into Defense Federal Acquisition Regulation Supplement (DFARS) and use it as a requirement for contract award.
Q: Where is the government on implementation? Launch date?
A: New CMMC requirements will be included in an extremely limited subset of RFI/RFP in either September or November of 2020.
Q: Will DoD require companies to be certified BEFORE responding to an RFP?
A: That’s what the DoD has indicated, but there isn’t any written documentation to validate. Once CMMC fully takes effect, certification will certainly be required before the contract begins.
Q: Has the government identified where to get certified yet?
A: No assessors are licensed yet, so no. The CMMC Accreditation Body will eventually publish a list of certified third-party assessment organizations (C3PAO) that can perform assessments.
Q: Can you confirm that contractors only need to be CMMC Level 1 to start?
A: That would facilitate a logical progression and advancement to higher levels of security, but no, this is an incorrect assumption. The CMMC Level will be specified in the RFI/RFP. If Controlled Unclassified Information (CUI) is processed under the contract, CMMC Level 2, 3 or above will be specified before the contractor can work the contract. CMMC Level 1 will be the minimum requirement for all of us contractors, as we all process Federal Contract Information (FCI), which requires 17 basic safeguards. But some companies will have an immediate requirement for higher CMMC Levels. This is going to be a challenge for some contractors. The lone exception to CMMC requirements are those purveyors who only provide COTS to the government.
Q: Can we get a copy of Level 1 requirements for CMMC in order to start looking at the starting point?
A: Level 1 CMMC practices are exactly the same as the 17 basic controls currently required by FAR clause 52.204-21 to protect FCI. The definitive source is the CMMC Model site: https://www.acq.osd.mil/cmmc/draft.html. You can download the appendices and view the Level 1 Practices.
Totem is a cybersecurity compliance service organization that offers software that meets the requirements and regulations to be compliant for DFARS, GDPR, and NIST 800 171.
—–
Need something to read? Get your copy of Game Changers the book today!
The concepts and strategies shared in this book are the go-to ninja-style secrets of each author.
You will learn:
★ What it takes to win in the government market
★ How to find the right revenue mix between definitive contracts versus contract vehicles
★ How to properly communicate your past performance
★ How to grow fast in the government market
★ The GovCon small business growth model
★ How to scale your government business
★ Understanding joint ventures
★ What it takes to win SBIR & STTR contracts
★ Winning sole-source contracts
★ Properly leveraging your 8(a) certification
★ Social selling in GovCon
★ Price to win strategies
★ Lean proposal management
★ Contract novation
★ Compensation for unanticipated costs and delays
★ Bouncing back from a losing streak
★ And more than 30 other concepts for growing your government business
Featured Guest: | Adam Austin | Company: | Cybersecurity Quarterback, Totem Tech |
Email: | adam.austin@hbarcyber.com | Phone: | (888) 5379-0509 |
![]() |
Win More Contracts with Federal Access Coaching
Features
Select a plan
User Accounts
Members-Only interactive LIVE session. Each week has a featured topic along with Q&A . We have scheduled breaks for holidays, conferences, in-person events, and vacations.
Strategy Playbooks
7-minute training videos designed to boost your government skills by covering tips, strategies, market updates, and more. New videos added monthly.
Game Changers Podcast
Industry leading podcast for government contractors.
100+ Government Templates
Capability Statements, Corporate Presentations, Bid/No Bid Calculator, Graphics Packs, Compensation Models, and much more...
Step-by-Step Strategy Guides
Over 200+ documents with detailed strategies to help you master the art and science behind winning government contracts by learning government fundamentals, marketing, sales, teaming, proposals, and operations.
The Government Sales Manual - Digital
Searchable PDF with hundreds of Techniques and Strategies.
Featured / On-Demand Webinars
More than 30 hours of high-quality keynote style training sessions on sales, marketing, business development, teaming, proposals, and operations.
On-Demand Training Videos
Videos are broken down by business activity to make them easy to find.
Email Support
Ask a Government Subject Matter Expert (SME) anything and get a detailed response.
Contract Terms
Contract lengths vary by plan. All contracts renew monthly after initial terms.
Annual Payment Savings
Save 20% off your membership by paying annually.
Advisor
Group Coaching
$249
per month
Billed Monthly
1
24 Hour
Response
Renews
Monthly
Annual
Save 20%
$199
per month
Billed Annually
1
24 Hour
Response
Renews
Annually