INTERFACE Boise
Presented by Matanuska Telephone Association
Everything You Need to Know About CMMC:
In 2007, Chinese hackers successfully targeted a Department of Defense (DoD) subcontractor leading to the creation of a powerful fighter jet. During this cyberattack, the Chinese stole enough data to make their J-20 stealth fighter jet a real threat to the USA. The reality of this attack is that it wasn’t just a one-off event—over $600 billion is lost globally due to cyber theft every year. With that in mind, the DoD knew something needed to change.
Changes to cybersecurity compliance are coming. Before the introduction of the cybersecurity maturity model certification (CMMC), any self-attesting defense contractors could say that they were compliant with specific cybersecurity guidelines—without having to prove it. This not only left room for contractors to become complacent but diminished all compliant defense contractors’ credibility. In short, contractors who were reckless with sensitive information weren’t held accountable—until now.
With the rollout of the CMMC, contracting with the DoD is more specialized than ever—especially if you’re dealing with controlled unclassified information (CUI). But these new guidelines also mean the space will become more lucrative. It’s estimated that 129,810 businesses will likely pursue CMMC certification in the first 5 years.
CMMC boils down to 3 major points:
- It’s mandatory. All CMMC requirements will explicitly address what level your company needs to be at to send or receive any future federal agency RFIs and RFPs.
- It’s verifiable. Proof of certification will be accessible electronically.
- It’s a long-term investment. Many organizations see between 12-18 months of continual effort to complete their compliance projects fully.
Presented by Rob Thurston, Chief Technology Officer at Ampersand, Alaska’s leading technology services provider, attendees will learn about compliance requirements, sustainability, and risks for DoD contractors.