Jeffrey Bird
Senior Vice President for Cyber Marketplace Services
-
United States
Under Department of Defense (DoD) contracts, data may be collected, created, transmitted, or received from or for the government. This includes Controlled Unclassified Information (CUI), which covers sensitive but unclassified data, and Federal Contract Information (FCI), which refers to non-public information.
Set to take effect in late 2024 and incorporated into some DoD contracts and solicitations by early to mid-2025, the Cybersecurity Maturity Model Certification (CMMC) is designed to safeguard both CUI and FCI shared between the DoD and its contractors and subcontractors.
The CMMC program establishes a framework to enforce cybersecurity requirements for systems that handle CUI and FCI, requiring alignment with the DoD's information security standards for the defense industrial base. Under the CMMC rule, members of the defense industrial base are required to implement a varying number of cybersecurity controls depending on the type and sensitivity of the information they handle.
It is important to note that compliance with CMMC will be mandatory for all DoD contract awards, with a few limited exceptions. This makes early understanding of CMMC requirements and achieving compliance crucial for organizations looking to engage with the DoD in the near and long-term.
Marsh has partnered with CMMC-accredited firms to create an efficient approach for defense industrial base members to understand CMMC requirements and achieve CMMC compliance. Marsh can connect clients with vendors to review compliance readiness and introduce firms qualified to conduct formal assessments. This collaboration allows clients to pursue CMMC compliance, while also securing enhanced cyber insurance coverage at favorable terms, simplifying the overall process.
Marsh helps clients compare and select the most suitable third-party CMMC vendors based on their unique needs and budget. Selected vendors conduct assessments to help clients determine their compliance readiness.
Clients may enjoy discounted rates on CMMC preparation consulting services and third-party assessment services, along with preferred pricing for cyber insurance coverage and terms.
By integrating CMMC compliance and cyber insurance underwriting into a single process, clients save valuable time and effort. CMMC consulting reports and assessment results can also be used to pinpoint ways to improve cyber hygiene, enabling organizations to expand their insurance options or improve existing coverage.
Cyber insurance programs are specifically designed to meet the unique needs of defense industrial base members.
Marsh’s CMMC program is integrated into Marsh’s Cyber Marketplace, offering clients a tailored portfolio of leading third-party cybersecurity solution providers. This allows clients to easily access a diverse range of accredited vendors and services that address their specific cyber risk and control needs. The comprehensive approach not only streamlines the process of achieving CMMC compliance, but also empowers clients to make informed decisions based on their unique requirements.
As specialists in enterprise risk and in cyber, we can help you take an enterprise-wide approach in building your cyber resilience. Together, we identify your risks, and work with you to develop a program tailored to your circumstances. We inform your approach and decision-making process with our more than 25 years of cyber experience and data-driven insights. By doing so, your path to cyber resilience can be more productive and predictive and your outcomes more efficient and effective.
Senior Vice President for Cyber Marketplace Services
United States
Vice President, Cyber Practice
United States