CMMC Costs Could be on the Rise

In the last year, there has been a push to get more businesses in the supply chain compliant with the CMMC. However, some upcoming changes could make it more difficult for small businesses to comply. Assessment costs could be increasing soon, which would be counterproductive in getting many small businesses compliant.

Changing Assessor Requirements

The CMMC assessment requirements will be adjusted in the coming months to mandate more experienced, and as a result, more expensive assessors. While this will improve the quality of assessments, it will raise the prices of the assessments, making it more difficult for small businesses to afford them.

It should be noted that while the CMMC requires third-party verification of just one of the five levels of security, this proposed change would only apply to level three assessments. Additionally, the change would only apply to companies that handle the department’s unclassified information. It is part of a growing list of ideas from the DOD CMMC Program Management Office that many people are saying could negatively impact small businesses.

Future Assessment Details

Previously, businesses only need to hire one full-time assessor and three entry-level assessors. If the proposed changes come to fruition, businesses that needed level three certification would need to hire four full-time provisional assessors. For a candidate to be eligible to be an assessor under the new system, they would need at least four years of cyber or IT experience. They would also need to pass levels one and two beforehand.

Other potential changes include hiring quality control employees and having the assessors impose stricter standards on businesses.

The Effect of Changes on the Compliance Timeline

While the proposed changes to the CMMC assessment process will cause significant problems for small businesses, they will have a ripple effect on the CMMC as a whole. Not only would the changes increase costs, but it would require extra resources to implement. The time it takes to get compliance from all businesses will drastically increase by requiring more assessors with high qualification levels. Three hundred thousand contractors will eventually need assessments, and with a limited number of qualified assessors available, it could take a long time to reach compliance.

By: Alex O’Reilly

Source: https://www.fedscoop.com/cmmc-assessment-requirements-could-be-changing-potentially-raising-costs-for-some/