FedTech Magazine: What Is the Cybersecurity Maturity Model Certification and How Can It Be Achieved?

“That process, known as the Cybersecurity Maturity Model Certification, has undergone many evolutions since it was formally introduced in early 2020 and is, in fact, still evolving. However, at its core, CMMC is designed to ensure that defense contractors are all meeting at least a basic level of cybersecurity hygiene for protecting sensitive defense information…”

“Michael Cardaci, CEO of FedHive, a Federal Risk and Authorization Management Program-certified cloud service offering that provides security compliance solutions, says the key to the CMMC is in the name, in that it follows a maturity model.

‘The idea behind it is the embodiment of security, as opposed to just kind of checking off a list of things that you make sure you do, like change your password and that sort of thing,’ he says. ‘I view it as more of an immersive kind of thing.’…”

“Cardaci recommends that contractors familiarize themselves with the requirements for the CMMC, starting at level 1 and working upward. He emphasizes that organizations should not think of the CMMC as a one-time check, since in order to maintain compliance, organizations will need to be thinking about cybersecurity ‘as part of your operational function going forward.’

In general, the DOD says a CMMC certification will be valid for three years.

‘Compliance isn’t security,’ [William “Tony” Bai, director and federal practice lead at A-LIGN, a cybersecurity and compliance firm] says, ‘but compliance is a way to document what you’ve done to secure things.’…” Read the full article here.

Source: What Is the Cybersecurity Maturity Model Certification and How Can It Be Achieved? – By Phil Goldstein, August 3, 2021. FedTech Magazine.


This topic contains 0 replies, has 1 voice, and was last updated by  Jackie Gilbert 5 months, 3 weeks ago.

  • Author
  • #134054

    Replies viewable by members only


You must be logged in to reply to this topic.


Questions?. Send us an email and we'll get back to you, asap.


©2022 MileMarker10, LLC all rights reserved | Community and Member Guidelines | Privacy Policy | About G2Xchange FedCiv

Opportunities. Starting Points.

About our Data

The Vault is a listing of expiring contracts, task orders, etc. within a certain set of parameters, to include:

  • Have an initial total estimated contract value of $10 million or above
  • Federal Civilian Only – DHS, Transportation, Justice, Labor, Interior, Commerce, Energy, State, and Treasury Actions
  • NAICS codes include: 511210, 518210, 519130, 519190, 541511,
    541513, 541519, 541611, 541618,
    541690, 541720, 541990
  • Were modified within the last 12 calendar months
  • The data represented is based on information provided by the government

Who has access? Please note that ALL G2Xchange FedCiv Members will receive access to all basic and much of the advanced data. G2Xchange FedCiv Corporate Members will receive access to ALL Vault content (basic and advanced).

Feedback/Suggestions? Contact us at Vault@G2Xchange.com and let us know what you think. 

G2Xchange FedCiv

Log in with your credentials for G2Xchange FedCiv

Forgot your details?