Does Your 2021 Budget Include CMMC Planning?
As we move further into 2021, have you developed a plan for CMMC compliance?
Thanks to the recently released DFARS Interim Final Rule that went into effect Nov. 30, 2020, all DoD contractors and subcontractors are now required to submit scored self-assessments against NIST 800-171 requirements. Furthermore, over the course of 2021 and the following years, all DoD contractors will need to meet CMMC requirements.
All of this will cost money — have you budgeted for it?
Interim Final Rule 101
In case you didn’t already know, the DFARS Interim Final Rule adds new clauses:
DFARS 252.204-7019
This clause requires a scored self-assessment of a company’s status with existing NIST 800-171 controls from Nov. 30, 2020, onward. Assessments fall into three categories:
The results of these assessments are to be uploaded to the Supplier Performance Risk System (SPRS).
DFARS 252.204-7020
This clause lays out two requirements:
These requirements consolidate all assessment-associated info and ensure that assessors can access systems for the purpose of an assessment.
DFARS 252.204-7021
This clause requires CMMC to be included in all contracts moving forward from the deadline. The details of CMMC compliance align with previous versions released by the DoD.
No matter how secure your organization is, it’s wise to plan for some degree of investment in CMMC readiness and compliance for 2021 and beyond. New technology tools, along with the time spent developing and implementing new policies, performing assessments, and preparing for audits, could all be required to fully meet CMMC requirements.
4 Considerations For Your CMMC Budgeting
Take stock of your current policies and associated practices by answering the following questions:
Regardless of whether you hire outside support for your policy development or handle it entirely in-house, you’ll need to budget for that time and expense.
Need Expert Assistance Planning for CMMC in 2021?
CMMC compliance will not be a one-time cost, as it is not a one-time snapshot. It is an ongoing state and requires ongoing practices, policies, and support to maintain compliance.
SSE has been recognized as a Registered Provider Organization (RPO) by the CMMC Accreditation Body (CMMC-AB), and our team is available to help you analyze your current compliance with NIST 800-171 and identify what is needed to meet the new standards required for CMMC certification.