No, the CMMC certification process is a mechannism for DoD to track compliance with FAR cybersecurity requirements that were promulgated starting in 2013. The requirements to have a secure system have existed for many years and any organizations currently without CMMC controls have been out of compliance. Once DFARS contract clause 252.204-7021 is included as a condition of contract award, DoD will require a DoD contractor to possess and maintain the CMMC maturity level designated within the contract. Organizations that do not meet the required certification level will be inelligable for contract award.

To safeguard Federal Contract Information (FCI) against increasingly frequent and severe cyberattacks, the Department of Defense (DoD) developed the Cybersecurity Maturity Model Certification (CMMC) to ensure FCI is handled appropriately by the DoD contractors. The CMMC model is designed to protect FCI that is shared with contractors and subcontractors of the Department through contracts by requiring companies to demonstrate that they have met existing cybersecurity standards and can adequately protect sensitive unclassified information. Taking CMMC requirements seriously and implementing them in a timely manner has a real and significant impact on national security.

CMMC certification requirements can apply to businesses that do work for the DoD as prime contractors or subcontractors ranging from a small single person consulting firm to multi-billion dollar corporations. The majority of large businesses have large budgets for internal IT departments that are likely already meeting the CMMC requirements and can handle the certification process. We work with small businesses that do not have internal IT departments and who are not prepared to pay very expensive consultants to set up and maintain IT systems that can meet CMMC certification requirements. The research and expertise to put together a compliant system on your own is onerous and very distracting from your day-to-day business. Implementing this system is very doable on your own with our guide. We pass on the savings to you by selling a step-by-step guide rather than setting set up a system for you.

Our system can be fully implemented by someone with no experience in no more than a week. Most of our clients are able to finish the course in a weekend. You do not have to finish the course in one sitting, you can pause and pick up your progress at a later time.

In alignment with section 4.1901 of the Federal Acquisition Regulation (FAR), FCI is defined as information, not intended for public release, that is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government, but not including information provided by the Government to the public (such as that on public websites) or simple transactional information, such as that necessary to process payments.

The short answer is almost every company that is involved in DoD contracting as a prime contractor or a subcontractor. The Defense Federal Acquisition Regulation Supplement (DFARS) contract clause 252.204-7021 will begin to be included as a condition of contract award for Department of Defense (DoD) once the CMMC rules are finalized. This clause will soon be present in all contracts issued by the DoD and will allow the issuing agency to require a DoD contractor to possess and maintain the CMMC maturity level designated within the contract. The CMMC program also includes the process for requiring protection of information that is flowed down to subcontractors.

While many existing contracts already contain the clause, after CMMC rules are finalized, prime and/or suncontract agreements will contain the DFARS 252.204-7021 contract clause. This contract clause will dictate the minimum CMMC maturity level an organization must have in place prior to being awarded the contract. DoD contracts which only transfer and/or create FCI will require organizations to achieve a CMMC Maturity Level 1 certification to self-attest to compliance with the 17 specified security controls from the CMMC framework. Organizations must satisfy all of the requirements to achieve this maturity level.

DoD says “you should have already implemented these requirements” 18 different times in the CMMC proposed rule. CMMC addresses DoD’s scaling challenges by using a private-sector accreditation structure. As potential certification deadlines approach, cost of implementing and certifying a system will increase. Phase 1 of the CMMC rollout schedule includes level 1 assessment requirements included in all applicable solicitations and contracts as a condition of award, meaning that Level 1 requirements will go into effect first.

Purchasing the course is easy! To get started, fill out the contact form and we will get in touch. Once we receive payment, you will receive an email with your documentation, policies, and a code to access the course. You will have access to the course for 60 days from your purchase date, plenty of time to finish!

This is a Microsoft cloud-based system and is compatible with all software products that are compatible with Microsoft.

No, the course shows you how to migrate your emails and files to your new Microsoft account without losing any data.

The course uses a Microsoft Enterprise license that likely includes the current Microsoft and Office 365 products you are currently using. By adding the Microsoft Enterprise plan, you can cancel your other included Microsoft subscriptions.