CMMC 1.0 was released on January 30th, 2020. All Department of Defense (DoD) contractors must become certified by 2021. This is when RFPs will require CMMC certification. Many DoD contractors are concerned about how they’ll pay for the costs associated with remediating their IT environment and procedures. Some of you may be asking: How much will CMMC cost? How can we afford it? Well, great news! The DoD has provided some insight.
Your company has already spent money becoming compliant with NIST and DFARS. Another cost, for another compliance requirement, seems like a lot, right? The DoD has decided that the costs to prepare for CMMC certification will be considered an “allowable cost.” What are allowable costs? These are shown in contracts and can be billed directly to the DoD. CMMC Model V1.0 states that these costs will be “allowable” and “reimbursable.” They will also not be “prohibitive.”
This is great news! DoD contractors will now be able to include the cost for CMMC Assessment & Remediation Services as part of their billable rates. Hopefully, this helps make CMMC certification much more manageable for small and medium-sized contractors.
CMMC is Required
Acquiring CMMC certification is a critical factor for DoD contractors. Contractors that fail to become CMMC compliant will not be able to work with the DoD. For many government contractors, the best way to meet the CMMC cybersecurity standards is to outsource the task to a Managed Security Service Provider (MSSP). Keep in mind that contractors are required to obtain CMMC certification to hold any contracts with the DoD, so it is important to choose an MSSP you can trust. By outsourcing your security framework to an experienced MSSP, you will ultimately be more efficient, and you can focus on what you do best with less downtime.