NeoSystems, an MSP and IT systems integrator, says 10 of its employees have achieved Registered Practitioner (RP) status from the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body (AB). The news comes after NeoSystems in February 2021 attained Registered Provider Organization (RPO) status.
The U.S. Department of Defense (DOD) created the CMMC Model to validate the security of vendors across its supply chain. Multiple MSPs and technology vendors have embraced the model. Examples beyond NeoSystems include Optiv (a Top 250 MSSP) as well as Kaseya -- which has been championing CMMC on behalf of MSPs in the government sector.
A Closer Look at CMMC
The CMMC model includes five levels of certification, according to the DOD:
- Level 1: Requires an organization to perform specified basic cyber hygiene practices
- Level 2: Involves establishing and documenting practices and policies to guide the implementation of CMMC across an organization
- Level 3: Ensures an organization establishes, maintains and develops a plan that demonstrates it can manage the activities to implement practices
- Level 4: Verifies that an organization has reviewed and measured the effectiveness of its practices
- Level 5: Requires an organization to standardize and optimize process implementation
CMMC is expected to take effect in 2025 and could impact more than 300,000 defense contractors. Once CMMC takes effect, contractors must obtain and maintain a level of certification performed by a CMMC Third-Party Assessment Organization (C3PAO); without this certification at the proper maturity level, Defense Industrial Base (DIB) contractors will not be able to view or bid on contracts.