Cyber-attacks disrupt business operations and put intellectual property and sensitive information at risk. In a 2018 report, the Council of Economic Advisers (CEA) estimated that malicious cyber activity costed the U.S. economy between $57 billion and $109 Billion in 2016 (Source). Another report by the Center for Strategic and International Studies (CSIS), in partnership with McAfee, states that about $600 billion, nearly one percent of global GDP, is lost to cyber-crime annually (Source).
Cybersecurity Maturity Model Certification (CMMC)
In late 2021, the Department of Defense (DoD) released the Cybersecurity Maturity Model Certification (CMMC 2.0). This new guideline and certification process rolls in various cybersecurity standards and best practices into a three-level framework to ensure cybersecurity is met at the appropriate level across all federal acquisition processes. All level 2 and level 3 companies interested in contracting with the DoD, including subcontractors, must be certified through an accredited independent third party organization, while level 1 companies must perform a self-assessment. We expect to see CMMC levels incorporated into Requests for Information as early as June 2020.
Department of Defense Resources:
- Cybersecurity Maturity Model Certification and Assessment Guides
- Cybersecurity webpage
- Project Spectrum
- Other Resources
Learn more about the risks of cyber-attacks, self-assessment tools, and the latest regulations.
- Required Basic Safeguarding of Covered Contractor Information Systems | FAR 52.204-21
- Supplier Performance Risk System (SPRS) | Department of Defense (DoD)
- CMMC Maturity Level 1 (ML1) Questionnaire | RD Risk Advisors, LLC.
- Assessing Security Requirements for Controlled Unclassified Information (PDF) | National Institute of Standards and Technology (NIST)
- Assessment & Auditing Resources | National Institute of Standards and Technology (NIST)
- Cybersecurity Resources for Manufacturers | National Institute of Standards and Technology (NIST)
- Small Business Cybersecurity | Small Business Administration (SBA)
While APEX Accelerators are not certifiers, APEX counselors are able to help clients who are DoD Primes and Subs step through the Level 1 requirements as they are not highly technical. For higher levels of certifications, APEX counselors are able to guide clients through the framework and available tools and refer them to other accredited independent third party organizations. For further assistance contact your Procurement Specialist or Apply for services.
This APEX Accelerator is funded in part through a cooperative agreement with the Department of Defense.