The final Cybersecurity Maturity Model Certification (CMMC) rule is slated to go into effect in the first quarter of 2025. But is the work required to gain CMMC certification worth the squeeze for your MSSP business?
That's what Carter Schoenberg, VP and chief security officer, SoundWay Consulting, will discuss in his session at MSSP Alert Live, held October 14-16 in Austin, Texas. There's still time to register for this event, and you won't want to miss it!
The CMMC program is aligned to the U.S. Department of Defense's (DoD) information security requirements for defense industrial base (DIB) partners. It is designed to enforce the protection of sensitive, unclassified information that the Department shares with its contractors and subcontractors, including MSPs and MSSPs. The CMMC program provides the Department increased assurance that contractors and subcontractors are meeting the cybersecurity requirements that apply to acquisition programs and systems that process controlled unclassified information.
The CMMC 2.0 program has three key features:
Over 75,000 government contractors need a CMMC certification, and approximately 85% of these firms rely heavily on MSSPs, Schoenberg explained.
"Over 95% of defense contractors rely on external service providers, including MSPs and MSSPs. As a result, these service providers must be independently certified," he said. That's especially important for the upcoming transition to CMMC 2.0, he added, which introduces several key changes that build on and refine the original program requirements.
"Most MSSPs do not understand what percentage of their portfolio is now in scope for these obligations. Subsequently, there's the potential for loss of revenue due to no longer being allowed to service these clients," Schoenberg warned.
In his session at MSSP Alert Live, Schoenberg will explain how you can: