On May 18, 2020, The CMMC-AB (Cybersecurity Maturity Model – Accreditation Body) released an update on the current state of the CMMC roll out. During the webinar, Katie Arrington, CISO for the Department of Defense (DoD) Acquisition Office, reiterated that this project is still moving forward.

While companies currently doing business with the DoD will not immediately be required to possess CMMC certification, all new contracts and bids will require it as part of the bid process. The goal of the CMMC is to have all DoD contracts in the next five years obtain CMMC certification. If an organization is currently in a contract with the DoD, they should still be self-assessing against NIST 800-171, but preparing for the CMMC requirements.

For new organizations looking to begin contracting with the DoD, they should start preparing using the draft CMMC framework that has been released.

We can help

Elliott Davis can assist organizations, both currently working with the DoD and aspiring to work with the DoD, in preparing for CMMC. Contact a member of our team to see how we can assist you with the CMMC process.