04Jun

Why and How the DoD is Implementing the CMMC


The Department of Defense has been working to improve cybersecurity over the last several years.

News of nation-state sponsored theft of defense secrets makes headlines on a regular basis.

The biggest source of leaks of sensitive intellectual property is the hundreds of thousands of contractors that have access to sensitive but unclassified information, called Controlled Unclassified Information (CUI).

In 2013, the DoD created a security requirement in the Defense Federal Acquisition Regulation Supplement, clause DFARS 252.204-7012. A few years later, NIST released a security requirement named SP 800-171.

While both of these began to improve security for the defense industrial base, they did not solve the problem. Compliance with the DFARS clause is mandatory, as is compliance with NIST SP 800-171, but in most cases compliance with these regulations has been verified on the honor system – this has not worked.

The solution: Cybersecurity Maturity Model Certification (CMMC).

The release of the CMMC in 2019 is the first time the DoD has required contractors, subcontractors, and suppliers to be certified to participate in the DoD supply chain.

So what do you need to know?

  • The DoD is now requiring that all contractors and subcontractors “self-certify” that they are compliant with NIST SP 800-171 by November 30, 2020. This self-certification includes posting assessment scores and the expected date of full compliance to the SPRS portal.
  • The government is now requesting that all DoD contractors and subcontractors be in compliance with CMMC by 2025.
  • Companies need to look at their existing maturity against NIST SP 800-171 (the DFARS requirement) and understand which CMMC Level (1, 2, 3, 4, or 5) they will need to comply with moving forward.
    • The contracting DoD entity will dictate the Level of compliance the contractor or subcontractor must meet.

Databranch and Cyberstone are here to help! Cyberstone received Registered Provider Organization status from the Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB) and is well positioned to provide advice and consulting services to organizations seeking CMMC certification.

The steps are easy: contract with Databranch and Cyberstone Security and complete a maturity assessment engagement.

Then understand the gaps in your maturity level and develop a roadmap for compliance: technology changes may require budget cycles to resolve.

Don’t wait! The DoD wants to see policy and practice within your organization for an 8-12 month period BEFORE they audit and issue a certificate of compliance.

Once a company is certified, the certification is good for a 3-year period.

To learn more about how Databranch and Cyberstone can help your organization prepare for the CMMC, give us a call at 716-373-4467 x 15!


*Courtesy of Cyberstone*
