its correct functionality and cannot be turned off. Optional cookies are used to improve the page with analytics, by
The DoD's new Cybersecurity Maturity Model Certification (CMMC) framework is rapidly becoming a reality for Defense contractors. There are still many questions out there about what exactly needs to happen to become CMMC certified.
Join Tony Bai on Tuesday, June 3 at 2pm ET, in a monthly Q&A series where he provides real insights on the latest in CMMC. He’ll answer your questions and will be with you every step of your CMMC journey.
Tony is a 20+ year veteran of the Air Force leading Federal compliance initiatives and an expert in CMMC. He’s a trusted source and is tracking the latest updates with the CMMC certification process as it’s evolving.
Catch up on the latest Federal Compliance Webinar
Watch this exclusive Q&A series with Tony Bai, where he provides real insights on the latest in CMMC.
Sign up for future Federal Compliance Webinars and get exclusive updates on CMMC.
Who is affected by CMMC? All government contractors working with the DoD will need to become CMMC-certified by passing an independent CMMC audit from a C3PAO to verify they have met the appropriate level of cybersecurity for their business. The CMMC level required will be specified for each contract by the DoD in the Request for Information (RFI) and Request for Proposals (RFP).
When will you need to meet the appropriate certification level? Government contractors will need to be compliant at the time the contract is awarded.
Are subcontractors affected? Yes, subcontractors working under a prime contractor will be expected to also maintain compliance.
What’s the difference between NIST 800-171 and CMMC? CMMC differs from NIST 800-171 because it includes five levels of cumulative practices and processes – this focus on processes is one major difference. CMMC seeks to institutionalize these processes, so that they will continue to be performed.
Will I need to be re-certified every year? Yes, CMMC certification is required on an annual basis.
About our CMMC team
Federal Practice Lead
A 20-year Air Force retiree, Tony is responsible for overseeing NIST-based engagements, including FedRAMP, FISMA, and 800-171, and providing cybersecurity advisory and guidance to our clients. He has over 27 years of IT experience with the last 10 years specializing in cybersecurity, providing risk assessments for government agencies and Fortune 500 companies across multiple industries.
And when he’s not leading the federal team at A-LIGN? You can catch him at comic book conventions or supporting his children’s Boys and Girls Scouts troops.