Optiv, a Top 250 MSSP, has announced Cybersecurity Maturity Model Certification (CMMC) capabilities to help organizations comply with federal requirements for U.S. Department of Defense (DOD) contracts, according to a prepared statement.
Organizations can leverage Optiv solutions to develop and manage CMMC compliance programs, the company said. These solutions enable organizations to use a compliant and hardened technology stack to protect their infrastructure and applications within CMMC requirements.
In addition, organizations can use Optiv solutions to document CMMC compliance processes, policies and procedures, the company indicated. This ensures that organizations can establish CMMC-compliant workflows and apply them consistently.
What Is CMMC?
CMMC is a set of DOD regulations designed to secure the government supply chain, Optiv noted. It is expected to take effect in 2025 and impacts more than 300,000 defense contractors.
Prior to the rollout of CMMC, the DOD has implemented new rules on the Federal Register that require contracting partners to submit a self-assessment and associated documentation to bid on new contracts, Optiv noted. Once CMMC takes effect, contractors must obtain and maintain a level of certification performed by a CMMC Third-Party Assessment Organization (C3PAO); without this certification at the required maturity level, Defense Industrial Base (DIB) contractors will not be able to view or bid on contracts.
Do MSSPs Need to Prepare for CMMC?
For MSSPs that are uncertain if they need to prepare for CMMC, they should first determine if they fall within its scope, MSSP Trustwave indicated. MSSPs that currently partner with the DOD or may explore opportunities to do so in the future must comply with CMMC.
Next, MSSPs that fall within the scope of CMMC should assess the maturity of their security programs, according to Trustwave. This can help MSSPs determine which steps they will need to take to meet CMMC requirements.