Connecticut CMMC Coalition

A Stakeholder Community Working Together to Protect our National Security and State Economy

Check out our Blogs and Videos

Amazing videos and tutorials to help you with Cybersecurity Maturity Model Certification
$ 0 B
In State Spending
0 %
Total State GDP
0
CT Companies
0
Per Resident
0
Billion. Contractor
0
Jobs

Education

As a community we help the Defense Industrial Base of Connecticut learn about the CMMC Model
Read the Blog

Resources

We seek to curate, create, and evaluate materials to help Connecticut prepare for the CMMC Model
Check our Resources

Events

We organize free events and affordable training to help help prepare Connecticut for the CMMC
Check the Calendar

What is CMMC?

The Department of Defense created the Cybersecurity Maturation  Model Certification (CMMC) as a cybersecurity standard for the Defense Industry Base (DIB). As a nation we must protect the supply chain of 300,000 companies globally. CMMC is required for all DoD contractors dealing with CUI per the Interim Rule.

CMMC assessments occur across five levels of maturity, with level 1 requiring the most basic cybersecurity and level 5 requiring the most advanced with 171 embedded practices and processes.

Does My Company Need a CMMC Assessment?

Do you handle Federal Contract Information (FCI) or Controlled Unclassified Information (CUI)? If you answered yes, then you need an assessment.

What is FCI?

Federal Contract Information is anything created by the federal government that is not meant for public release.

Companies that hold FCI will at a minimum, the put into place,  safeguarding requirements outlined in FAR clause 52.204-21.

Level One CMMC assessment is recommended for Companies that hold FCI. This can include a plumber who has schematics for job to a machine shop.

What is CUI?

Controlled Unclassified Information is any information generated by the government or for the government with protections covered by federal law or regulations.

Companies that hold or create CUI will be required to demonstrate CMMC compliance via a CMMC third party assessor organization (C3PAO) assessment. Readiness represents a major investment, and the CT CMMC Coalition offers various resources that can help.

What is the Impact on My Company?

COST

DoD estimates CMMC Level 3 will cost $51,095.60 for a small company to support CMMC and $41,666 in recurring engineering costs.

Contracts

The Department of Defense released 7 CMMC pathfinder pilot contracts. If you are planning on working on these contracts, you need certification if awarded

Compliance

CMMC level 3 requires 130 Practices and 51 Processes. You must be compliant on 382 Objectives for Practices and 323 Objectives for Processes. For a total of 705 Assessment Objectives.

Confidence

You need trusted partners. As a community of small business members, cybersecurity experts, and government officials you can believe in us.

Thus the highest realization of warfare is to attack the enemy’s plans; next to attack their alliances; next to attack their army; and the lowest is to attack their fortified cities. Sun Tzu