For the third consecutive year, Hill Tech Solutions has been named one of the world's premier managed services providers on the prestigious Channel Futures NextGen 101 list!

Need IT Support?
WE CAN HELP!

What Time Is It? CMMC Time.

Share This Post

On December 16, the final CMMC 2.0 rule went into effect. As you know, CMMC 2.0 is an updated cybersecurity standard affecting those organizations that handle federal contract information (FCI) or controlled unclassified information (CUI), as well as their subcontractors.

While there has been some discussion over whether the rule will change as a new administration takes office, CMMC is likely to remain the law of the land, as it addresses the cybersecurity standards for handling vital information in a time of rampant cybercrime.

There are three levels of CMMC compliance, with Level 1 being the least stringent and Level 3 most stringent. The level required depends on the types of information being handled by a given organization. Level 2 is the most common, and involves more than 100 cybersecurity controls as well as a reassessment every three years. With the new rule taking full effect in December, Level 2 assessments can now begin as the standard is rolled out.

It goes without saying that for many organizations, preparing for an assessment that involves more than 100 controls will take a substantial amount of time. One DoD estimate says that preparing for an assessment might take 12-18 months, and waiting for that assessment to be scheduled might carry a similar time frame. In our experience, six months to a year from start to finish is more accurate.

CMMC will predictably carry a substantial cost burden for organizations as well. Pentagon estimates for Level 2 assessment and certifications run into six figures. While there has been talk of the government offering financial relief to offset these costs, nothing has materialized yet.

Time and cost burdens notwithstanding, the clock is now officially ticking on CMMC 2.0. The expectation is that all organizations will be fully compliant by 2028, but some contractors have already begun requiring compliance of their subcontractors. While the rule may be modified or refined in the future, CMMC compliance in some form is virtually certain to remain the law of the land.

Given the timeline and costs associated with the process, from initial gap assessment to certification, the time to start is now.

Learn more about CMMC 2.0 here.

Questions about CMMC compliance? Contact Hill Tech Solutions today.

More To Explore

Compliance

What Time Is It? CMMC Time.

On December 16, the final CMMC 2.0 rule went into effect. As you know, CMMC 2.0 is an updated cybersecurity standard affecting those organizations that