Cybersecurity – CMMC Compliance and History


With all the reports coming out about companies being compromised by cybersecurity attacks, you almost long for the days when bad weather was the lead story. Let’s face it, the world has changed, and cybersecurity threats are only getting more frequent and sophisticated. That is one of the reasons the Federal Government is implementing the Cybersecurity Maturity Model Certification (CMMC) for all its contractors. Gone are the days when a contractor can self-attest and say they are “working towards” certification, and CMMC is much more comprehensive than the Defense Federal Acquisition Regulation Supplement (DFARS).

So maybe you don’t know much about CMMC or cybersecurity. Sometimes it’s good to pause and look back, so we can learn and improve. Here’s a quick recap of how our nation’s cybersecurity posture has developed. If you want a more in-depth history lesson, you can invest an hour of your time and watch this great video from Jacob Horne.

Here is the short version:

In response to 9/11, the Homeland Security Act was passed in November 2002. Two years later, the Intelligence Reform & Terrorism Prevention Act was passed. Both were meant to address our nation’s limitations in sharing information (confidential, sensitive, classified, unclassified, etc.) in order to prevent another 9/11-type incident. Over the following years, Presidential Memorandums were used to develop a better cybersecurity posture. In November 2010, Executive Order 13566 was enacted, bringing together all the work of the previous years and developing the Controlled Unclassified Information (CUI) program we have today, applying it to the entirety of the government’s contracting base and establishing guidelines for protecting CUI on systems outside the government’s control. After years of clearing red tape, all necessary but tedious, the “Final Rule” was implemented in November of 2016 to protect CUI across the spectrum of the governmental procurement environment. In the beginning, self-attestation was allowed and certification was not required, until it became obvious that our data was still being compromised and risking our national security. Finally, CMMC was born.

After nearly 20 years of legislation and various program iterations, the US Department of Defense has implemented the Cybersecurity Maturity Model Certification (CMMC) for all government vendors to help protect information within the government supply chain.

If you are a DoD or government contractor/sub-contractor, I strongly encourage you to watch Jacob Horne’s video, so you know why investing your resources to become CMMC compliant is so important: not just so you can do business with the government, but for our national security.

It is well known that the cost of implementing CMMC is considerable. PARC, along with our partners at Avatara, can help you achieve CMMC compliance, oftentimes with significant cost savings, by using our CompleteCloud platform. Check out Avatara’s blog about how they helped one of their clients reach CMMC compliance for their IT platform.

We are here to help answer questions and enable you to decide the best course of action for your firm. Let’s talk…

