Department of Defense Moves up Timeline for CMMC Compliance

July 22, 2022
In 2021, the Department of Defense announced a new strategic effort to provide enhanced cybersecurity efforts for their building projects going forward. The Cybersecurity Maturity Model Certification (CMMC) will ensure accountability for companies to implement cybersecurity standards to protect sensitive data during the design, build and operations of DoD facilities. Through research grants by the John R. Gentille Foundation and Electri Foundation, a video series has been produced by MCAA’s Chief Security Fanatic, Nick Espinosa to provide an update on the process. Recently, the DoD has updated their timeline for CMMC and plan on publishing their initial requirements in March 2023 for the 60-day review and comment period. Once completed, the first phase of CMMC compliance will go into effect with a self-assessment that must be completed by every contractor working on a DoD project.

In 2021, the Department of Defense announced a new strategic effort to provide enhanced cybersecurity efforts for their building projects going forward. The Cybersecurity Maturity Model Certification (CMMC) will ensure accountability for companies to implement cybersecurity standards to protect sensitive data during the design, build and operations of DoD facilities. Through research grants by the John R. Gentille Foundation and Electri Foundation, a video series has been produced by MCAA’s Chief Security Fanatic, Nick Espinosa to provide an update on the process.

Recently, the DoD has updated their timeline for CMMC and plan on publishing their initial requirements in March 2023 for the 60-day review and comment period. Once completed, the first phase of CMMC compliance will go into effect with a self-assessment that must be completed by every contractor working on a DoD project. The second phase, which requires third-party auditing of a contractor’s cybersecurity practices has not yet been established, but projected to take place in 2025. 

The CMMC program includes cyber protection standards for companies in the defense industrial base (DIB). By incorporating cybersecurity standards into acquisition programs, CMMC provides the Department assurance that contractors and subcontractors are meeting DoD’s cybersecurity requirements. For plumbing, mechanical and service contractors working on DoD projects, this means that they will have to document and upgrade safe data practices, increase the security level of their software and certify that these standards have been met through third-party auditors. 

Eleven new cybersecurity best practices videos have been added to the series and as the standard develops, the John R. Gentille Foundation will provide additional videos and materials. These are practical for all contractors, not just those working on DoD projects in order to protect your business and your customers. This includes:

Related Articles
MCAA Member Arden Building Companies recently hosted an Intern Day to familiarize new interns with the company and the industry. The event was hosted by Robert Bolton, CEO of Arden Building Companies and MCAA’s President, John Puniello, President of Arden Engineering Constructors, and Ciara Fusaro, HR Manager for Arden Building Companies. It included a mix of fun and games and serious learning about the industry, including a demonstration of Arden’s new Spool Welding Robot and a tour of the Unique Metal Works sheet metal fabrication facility. Arden’s interns are learning from the teams at Arden Engineering Constructors in Pawtucket, RI, Corporate Mechanical of New England in Woburn, MA, and MJ Daly in Waterbury, CT, all MCAA members.…
The MCAA Field Leaders Conference provides those working in the field with the skills needed to be business and results oriented leaders who focus on growing company culture, brand and profits. During this intensive conference, attendees will learn from industry experts including facilitators who have been in their shoes and worked their way through the ranks to become successful business owners and from their peers from around the country as members of breakout session teams. The conference will be offered in both Indianapolis, IN (October 12-14, 2022) and Kansas City, MO (November 2-4, 2022) this fall. Register your field leaders today!…
The MCAA Fabrication Conference, powered by MSUITE, is going to Seattle this November 2-4 with a tour of one of the country’s most dynamic mechanical contractors – McKinstry Company. This conference is one of MCAA’s most popular conferences and it sells out quickly. Registration is limited to 2 people per company, including those with multiple locations.…
Longevity in business is rare. According to Harvard Business Review, the average lifespan of businesses has fallen by 80% in the last 80 years (from 67 to 15 years). With this in mind, the staying power of MJ Daly is that much more impressive. This year, MJ Daly, LLC of Waterbury, Conn. is celebrating 140 years of providing mechanical contracting services to commercial and industrial buildings across New England.…

MCAA's Fabrication Conference, powered by @msuitetech is going to Seattle, November 2-4, 2022 with a tour of one of the country’s most dynamic mechanical contractors, @McKinstryCo. Mark your calendars – Registration opens on August 15th at 9am Eastern!

Learn about the next evolution of infrastructure & attend MCAA's webinar on Clean Energy: Geothermal Energy Exchange on August 18 at 3pm ET. MCAA President Robert M. Bolton will be joined by subject matter expert on geothermal HVACR technologies, Jay Egg. http://ow.ly/yfWJ50KaVPs

Looking for the latest from Morris Group International and @setonsafety? Find it in MCAA’s Virtual Trade Show!

http://ow.ly/vlpe50K40Y8

The PCA & Lexington Plumbing teamed up for the '22 PCA Plumbing Service Conference, Sept. 14-15. The event will include a hosted facility tour of Lexington Plumbing. Registration is now open. Space limited to 65 participants – register today!
Learn more >> https://www.mcaa.org/events/calendar/2022-pca/

Load More...