The Cybersecurity Maturity Model Certification (CMMC) has been in the works for several years at this point. First announced in 2019 by the Department of Defense (DoD), the CMMC model has been revised and tweaked over the years as it crawls to the ratification finish line.
What's changed for CMMC?
After regulatory approval, the Department of Defense has officially published CMMC into the federal register as a proposed rule on December 26, 2023. Published under the name 32 CFR Part 170, CMMC 2.0 will undergo a public comment period of 30-60 days where the public is given the opportunity to express their concerns or approval of the rule. CMMC Compliance is final!
This document is 234 pages long and contains a comprehensive description of CMMC. Being published as a "proposed rule" means that an agency is intending for this rule to "address a problem or accomplish a goal" and seeks the publics input. The feedback received from this public comment period will inform how the "final rule" is structured.
How Should Businesses Respond?
Businesses that fall in scope of CMMC will need to take proactive action to the upcoming rule. Organizations seeking certification (OSC) should have already taken the steps to ensure they are CMMC compliant so that when the final rule is officially implemented, they can be confident in their ability to defend CUI. With thousands of organizations within scope of CMMC and only a limited number of auditors, it could take a considerable amount of time to successfully certify your business. CorpInfoTech is committed to reaching CMMC Level 2 Compliance to improve our client services and guarantee coverage of more than 200 security controls.
.png?width=600&height=167&name=CMMC%20Timeline%20(3).png)
CorpInfoTech's Response
Corporate Information Technologies (CorpInfoTech) has been following the progression of the CMMC rule for the past several years. As the CMMC rule reaches completion, it's important to understand the importance of becoming and remaining compliant. Through CorpInfoTech's managed services (know as ESP, External Service Provider, for CMMC Compliance), your organization can remain confident your data is protected and your organization compliant.
"CorpInfoTech engages with external sources for validation to ensure our processes, procedures, and tools are valid and compliant. We have officially registered with Cyber AB as an OSC (Organization Seeking Certification) so that when the rule is finalized, we are ready." - Lawrence Cruciana, Founder and President of CorpInfoTech
CorpInfoTech is a CMMC Level 2 (C3PAO) certified MSP that has passed our audit with a perfect 110, making us one of the first MSPs to achieve level 2 compliance
.
