In today’s episode, we delve into the complex world of government contracts and cybersecurity challenges. We break down the different certification levels and their requirements for contractors. Level two contracts involve controlled unclassified information, necessitating a level two certification. However, recent changes have exempted level one contracts from third-party certification, requiring only a certification from a C-level executive within the company.

We also emphasize the importance of understanding the definition of controlled unclassified information, which currently lacks clarity and consistency across the government and contractor community. Contractors who opt for self-certification must exercise caution, as they assume the risk and responsibility without the backing of a third-party certification.

Tune in now to learn about preparing for the forthcoming Cybersecurity Maturity Model Certification (CMMC) rollout, where the time and effort required for readiness is important.