To compete for contracts with clients in the Department of Defense (DoD) supply chain, businesses must first achieve Cybersecurity Maturity Model Certification (CMMC) compliance. While those well-paying contracts are well worth pursuing, CMMC is particularly complex, with security requirements and assessment processes that take expertise to navigate. Many businesses that go it alone won’t get far. For MSPs, CMMC therefore creates a huge opportunity to gain that rare expertise, build out CMMC compliance assistance as a core offering, and serve new clients as a partner that helps them meet their own goals as CMMC-certified businesses.

CMMC and the DFARS 252.204-7012 clause are key regulations governing all contractors and subcontractors in the DoD supply chain. According to the DFARS 7012 clause, any organization with a DoD contract or subcontract that stores, processes or transmits controlled information needs to safeguard that data as prescribed by the NIST Special Publication 800-171 framework, along with further requirements.

CMMC compliance requirements are also frequently revised, so MSPs must remain engaged with ongoing developments to keep clients’ security practices aligned with the latest CMMC changes. Currently, the most pressing example of this dynamic nature is CMMC 2.0, which the DoD introduced in 2021 to improve its third-party cybersecurity assessment and certification methods, and which is undergoing iteration on its path to final implementation in 2025.

CMMC 2.0 introduced a three-level system of increasingly strict requirements around cybersecurity maturity and controls. The CMMC level required of a contractor or subcontractor is determined by the sensitivity of the information a given business handles. Under CMMC, organizations must complete a Basic Contractor Self-Assessment, and self-attest to the Summary Level Score or Supplier Performance Risk System (SPRS) score of that assessment.
Organizations are only eligible to bid on defense contracts after submitting their score. Based on the NIST SP 800-171 DoD Assessment Scoring Template, the SPRS score checks compliance with

CYBER PATROL
How MSPs Can Win New Business by Providing CMMC Compliance
By Aaron Wyant
CHANNELVISION | JANUARY - FEBRUARY 2024