Beginning January 2020, the Department of Defense will roll out a new IT security protocol for all businesses it hires for contract work.
The department’s Cybersecurity Maturity Model Certification (CMMC) is designed to ensure that contractors on government projects have prescribed cybersecurity practices in place to protect controlled unclassified information. Applicable information includes data pertaining to critical infrastructure, nuclear, proprietary business information, procurement, and acquisition.
All defense contractors must pay for certification through a third-party provider of their choice. Beginning in June 2020, contractors will start seeing references to CMMC requirements in requests for proposals. Some higher-level assessments may be performed by DOD or other government agencies.
The DOD released the latest draft version of the CMMC for public review earlier this month. It includes five different certification levels.