Summary
This guide outlines the requirements and implementation strategies for achieving compliance with the Cybersecurity Maturity Model Certification (CMMC) as mandated by the Department of Defense (DoD). It details the specific conditions under which Plans of Action and Milestones (POAMs) can be utilized, emphasizing that companies must maintain a minimum NIST 800-171 assessment score of 88. The document explains the cost implications associated with certification assessments and the necessity for contractors to ensure that their cloud and managed services providers meet CMMC requirements. It also highlights the unchanged requirements for CMMC Levels 1, 2, and 3, which will mirror the 110 security controls established by NIST SP 800-171 Rev2. The phased rollout of the CMMC program is set to begin in 2024, with assessments required at all levels and annual affirmations from company leadership. The guide provides a roadmap for organizations to prepare for compliance, including steps for gap assessment, remediation, and continuous monitoring of compliance status.
