CMMC: What's new in August 2024
Every month, CyberAB, the organization that coordinates CMMC, organizes a meeting to share information on what's new at CMMC (CyberAB Town Halls).
As CMMC RPO, Streamscan participates in these monthly meetings.
We'll give you a summary of these monthly meetings, so that you can keep up to date with CMMC and adjust as necessary.
Here is the summary of CyberAB's monthly meeting - August 2024.
CMMC certification will not be required when you submit your bid, but when you are awarded a DoD contract.
If a DoD tender requires you to have CMMC Level 1, 2 or 3 certification, you are not obliged to hold this certification before submitting your bid.
If you have the contract, you must prove that you have the CMMC certification requested, otherwise DoD will not award you the contract.
Keep in mind that CMMC compliance takes between 12 and 18 months. The best thing to do is to get your certification quickly, as soon as CMMC is implemented (Q1 2025). If not, you'll lose business.
DoD's proposed Final Rule regarding the integration of CMMC into its contracts
On August 15, 2024, DoD issued a major clarification on how it will integrate its CMMC requirements into contracts (CMMC Title 48 Proposed Rule).
We have analyzed this Rule and published a summary, which you can read here.
CMMC Projected Calendar
The effective date of the CMMC has not yet been confirmed.
It is estimated that CMMC will likely be in force in Q1 2025.
FedRAMP authorization requirement Moderate at least for Cloud service providers
FedRAMP is a U.S. government program designed to ensure that CUI that is stored in the Cloud is well protected to reduce the risk of unauthorized access.
There are three (3) FedRAMP levels: Low FedRAMP, Moderate FedRAMP and High FedRAMP.
FedRAMP Moderate is required for CMMC
It is your responsibility to ensure that your Cloud provider is minimally FedRAMP Moderate authorized.
For more details on FedRAMP and its levels, please see our blog post CMMC vs FedRAMP.
Any question about CMMC? We've got the answer.
Streamscan is a CMMC Registered Provider Organization (RPO) and is officially authorized to assist organizations in their CMMC process.
Contact us or call us at +1 877-208-9040 to discuss your CMMC compliance.