The US Department of Defense (DoD) is taking steps to limit the threat of supply chain exposure to cyber-crime with a new certification program for its vendors and suppliers.

The Cybersecurity Maturity Model Certification (CMMC), to be introduced this year, will measure the maturity level of all Defense Industrial Base (DIB) / DoD suppliers’ cybersecurity programs. The CMMC has five levels of maturity that align with DoD contract requirements, and suppliers wishing to participate in the DoD contracting process must achieve maturity levels that align with those individual contract requirements.  

The CMMC will be rolled out into contracts in phases from fiscal year 2021 through fiscal year 2025, and the final CMMC rule definitions are expected in the first quarter of 2021. However, the DoD issued an Interim Rule, effective November 30, 2020, to amend the Defense Federal Acquisition Regulation Supplement (DFARS) to implement the CMMC framework. This interim rule includes new DFARS clause 252.204.7021, which specifies CMMC requirements.

HKA provides an easy way to get started. Our FREE CMMC Online Assessment Questionnaire provides a helpful baseline of information on your CMMC obligations, and helps you chart a course that best meets your needs.

The interim rule also enables the DoD to verify the protection of Federal Contract Information (FCI) and Controlled Unclassified Information (CFI) within the unclassified networks of DIB companies using the National Institute of Standards and Technologies (NIST) 800-171 framework and assessment methodology.

The interim rule became effective on 30 November 2020.


Cyber-crime is one of the fastest growing criminal activities globally, and government agencies are prime targets.

The modern-day battlefield has moved to cyberspace, and nation-state attackers are trying to gather intelligence on their adversaries by any means possible. Emerging technologies and the expanding universe of the “Internet-of-Things” have increased the threat of exposure for both government agencies and their suppliers.

The cyber-theft of intellectual property and sensitive information, along with the compromise of systems in every US industrial sector threatens our national defence and economic security. According to a 2018 report from The US Council of Economic Advisors, malicious cyber activity cost the US economy between USD$57 billion and USD$109 billion in 2016, and these figures have likely increased exponentially since then. Extrapolated over a ten-year period, these figures equate to USD$570 billion to USD$1.09 trillion in damages.

HKA CMMC Training Courses

Introduction to the DOD Cybersecurity Maturity Model Certification (CMMC)

Course Summary

An overview of the CMMC model and its foundations in FAR/DFAR requirements and NIST 800-171 specifications. The session will explore what organisations will need to have in place to achieve various levels of certification, along with best practices for getting started.

Developing a CMMC Plan & Strategy for Your Organisation

Course Summary

An interactive session to help organisations develop an approach and working level plan to get certified under CMMC. The session will focus on ways to prioritise and organise efforts tailored to your specific organisation.  Course materials will include planning templates to help organisations understand their specific scope of efforts and how balance costs, timelines, and levels of effort.

Understanding CMMC Maturity Levels

Course Summary

Exploration of CMMC Maturity Level regulatory and specification basis and cybersecurity objectives and how these will impact how an organisation operates on range of levels.

CMMC Domains & Capabilities

Course Summary

Review of the Model’s Domain and Capability organisation of cybersecurity Practices and applicability to Processes across Maturity Levels and approaches to best plan efforts for a specific organisation’s operations.

CMMC Practices

Course Summary

Dive into the details of the different CMMC Practices and look at technical options, examples, and considerations for implementation and operations. Review model examples and reference details to better understand Model expectations.

CMMC Processes

Course Summary

Exploration of the CMMC Process models and their applications across Domains and Maturity Levels. Gain an understanding of the CERT Management Model process improvement approach that is the basis for the CMMC Processes.

CMMC Certification Preparation

Course Summary

Ensure your team is ready for a certification review with this walk through of preparation steps and activities that can help set your entire team up for success. Explore best practices around organisation of materials and conducting exercises with key personnel, as well as common mistakes to look out for.

Other Government Contracts

  • Compliance Review and Audit Services
  • Government Contracts Practice Services
  • Government Contractor Support