If you are involved in federal government contracting or looking at becoming a federal government contractor you may have heard the term CMMC thrown around. In this article, we will tell you exactly what it is and why this is important in the federal government contracting industry. Lastly, we will tell you the steps needed to get CMMC certified. To learn more about CMMC make sure to get in contact with us. Email us via info@aspis.consulting  or give us a call at (816) 533-5509. 

What Is It? 

The Cybersecurity Maturity Model Certification (CMMC) was recently created as part of the Defense Federal Acquisition Regulation Supplement (DFARS). This certification is a comprehensive move by the DoD that will take place over the next five years. The CMMC will then be fully rolled out in 2026.  

Why Is This Important 

Businesses that currently accept federal contracts will need to receive CMMC in order to accept contracts in the future. It is recommended that businesses start implementing changes to comply with the CMMC as soon as possible. This allows government contractors time to be ready for the imminent changes to your eligibility coming in 2026. Agencies that are enforcing CMMC include the DoD, USDA, and other government agencies.   

Steps to Take: The Interim Rule 

Even though the new CMMC requirements won’t be rolled out until 2026, there are still steps that you can take right now. The interim rule is one such step. This states that all DoD contractors and members of the Defense Industrial Base (DIB) supply chain must perform a self-assessment. This is a basic self-assessment that will go over your current cybersecurity efficacy. The self-assessment evaluates the implementation of the 110 cybersecurity controls mentioned in the NIST (SP) 800-171. Here are some important things to remember about the self-assessment:  


After the Self-Assessment: 

Beyond the self-assessment, there are some other steps you can take to prepare your business. Check out these tips:  


We know this is a lot to take in however here at Aspis we are always available to help.  Whether you’re here with us in Kansas City, Duluth, or in Washington D.C., our services are just a message away. If you would like to contact follow us on LinkedIn, Facebook, and Instagram.  Check out our other cybersecurity consulting blogs by visititing our website!  

Leave a Reply