Red Octopus Digital Services is actively tracking the development and establishment of the Cybersecurity Maturity Model Certification (CMMC). It is our intent to seek C3PAO certification once the standards have been finalized.

In the interim, we will provide consulting services on preparation for the new certification. Here are some FAQs to consider:

• Prime contractors and subcontractors must be certified under CMMC standards to any one of five levels.  The highest levels are reserved for organizations exposed to the most sensitive information.
• The implementation rollout will begin 1 September 2020, and take up to 5 years.
• If a contract requires CMMC certification it will be listed in the Request For Proposal (RFP) Sections C and L.
• The CMMC-AB will provide the standard for applying the model and certify trainers who will train assessors.
• The CMMC-AB will provide an online marketplace where organizations can find an available, qualified C3PAO.
• A certification will last 3 years, provided there are no incidents or other triggers inducing a second look at an organization.