ON THE HORIZON
Mission Critical :
The Huge CMMC Opportunity For MSPs
The Cybersecurity Maturity Model Certification ( CMMC ) requires the approximately 300,000 defense industrial base ( DIB ) contractors to improve their security posture in order to earn contracts with the U . S . federal government . Even more recently , President Biden ’ s executive order on improving the nation ’ s cybersecurity specifically mentioned the need for IT service providers to bolster their cyber initiatives . Ultimately , the CMMC injects more defense contractor accountability into the protection and privacy of sensitive government contract information .
“ Being cybersecurity-ready is mission critical for these businesses , and MSPs are in the thick of it ,” explains Leia Shilobod , CEO of InTech Solutions and author of “ Cyber Warfare :
6 | MSPSuccessMagazine . com • VOLUME 2 ISSUE 5
Protecting Your Business From Total Annihilation .” “ The new battles are being fought in cyberspace , and America relies on the supply chain that can be at risk of cyberattack . At the end of the day , the CMMC helps protect us from our enemies .”
Full implementation into all new Department of Defense ( DoD ) contracts will take five years , but in the meantime , an interim rule kicked in on Nov . 30 , 2020 , with tough requirements for all new and renewing contracts :
* A self-assessment , reviewing implementation of 110 cybersecurity controls defined in NIST SP 800-171
* A System Security Plan ( SSP ) that provides the details of the environment and implementation of the controls
* A Plan of Action & Milestones ( POA & M ) that defines which controls are not addressed and specific time frames and plans for implementation
CMMC compliance is particularly important to MSPs that work directly and / or indirectly with the U . S . federal government .
Many of the organizations that these requirements apply to are often small and medium-sized businesses ( SMBs ) without the internal IT resources to perform the assessment or prepare the documentation .
Roll it all together , and CMMC compliance could play a big role in helping MSPs mitigate their own cyber risks while also doing their part to protect the United States .
“ Compliance isn ’ t just an opportunity for MSPS , it is the opportunity ,” says Mike Semel of Semel Consulting & Semel Systems .
The Ground Floor Opportunity For MSPs
MSPs that are paying attention have a great opportunity to get in on the ground floor of this development and expand their compliance offerings .
If MSPs have any clients that currently do business with the DoD , they now have serious new IT assessment requirements related to their cybersecurity practices that need documentation .
And if they don ’ t have any clients in the DoD supply chain , the estimated 300,000 businesses that make it up will create a demand for compliance services that will certainly outweigh supply in the immediate future .
The CMMC is broken down into five levels that build on each other . It is estimated that about half of all DoD contracts will only require CMMC Level 1 because many contractors do not store