The best time to plant a tree was 20 years ago. The second best time is now.

TIME IS OF ESSENCE! Schedule an IT / Cloud Infrastructure Audit with WWCM to support your organization's Cybersecurity Maturity Model Certification (CMMC) 2.0 readiness.

The CMMC is a new framework developed by the DoD that requires third-party audits of defense industrial base (DIB) contractor cybersecurity practices.  DoD contract holders and subcontractors to DoD contracts that interact with Controlled Unclassified Information (CUI) will be required to comply with and assessed to the CMMC. Updated requirements known as CMMC 2.0 are undergoing review through government rulemaking. Get prepared now before it's too late!

With respect to CMMC/NIST/DFARS compliance the timetable for the final CMMC interim rule is still March of 2023 and in new contracts by May of 2023, the Pentagon released a recent memo (see link below) advising Contracting Officers to start enforcing the DFARS-7012 clause ASAP.

• https://www.acq.osd.mil/dpap/policy/policyvault/USA000807-22-DPC.pdf

Remedies for non-compliance may include:

• Withholding progress payments
• Foregoing remaining contract options
• Potentially terminating the contract in part or in whole

WWCM will prepare your company by:

• Assisting with hardening the posture of your IT / Cloud Infrastructure Program
• Supporting the development of a System Security Plan (SSP) and Plans of Action and Milestones (POA&Ms)
• Reviewing control activities developed to create auditable artifacts
• Supporting control measures that align with best practices to pass CMMC

WWCM is uniquely qualified to help with compliance:

• Subject Matter Experts (SMEs) are certified, auditors and security professionals