04Jun

Why and How the DoD is Implementing the CMMC

 

The Department of Defense has been working to improve cybersecurity over the last several years. 

Nation-state sponsored theft of defense secrets makes the news on a regular basis.

The biggest source of leaks of sensitive intellectual property: the hundreds of thousands of contractors that have access to sensitive but unclassified information called Controlled Unclassified Information, or CUI.

In 2013, the DoD created a security requirement in the Federal Acquisition Regulations called DFARS 252.204-7012. A few years later, NIST released a security requirement named SP 800-171.

While both of these began to improve security for the defense industrial base, they did not solve the problem. Compliance with the DFARS is mandatory, as is compliance with NIST, but in most cases compliance with these regulations is based on the honor system – this has not worked.

The solution: Cybersecurity Maturity Model Certification (CMMC).

The release of the CMMC in 2019 is the first time the DoD has required contractors, subcontractors, and suppliers to be certified to participate in the DoD supply chain.

So what do you need to know?

  • The DoD is now requiring that all contractors and subcontractors “self-certify” they are compliant with NIST SP 800-171 by November 30, 2020. This self-certification will include posting audit scores and expected date of compliance to the SPRS portal.
  • The government is now requesting that all DoD contractors and subcontractors be in compliance with CMMC by 2025.
  • Companies need to look at their existing maturity with DFARS 800-171 and understand what CMMC Level (1, 2, 3, 4, or 5) they need to be in compliance with moving forward.
    • The DoD entity will dictate what Level of Compliance the contractor or subcontractor must be at.

Databranch and Cyberstone are here to help! Cyberstone received Registered Provider Organization status from the Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB) and is well positioned to provide advice and consulting services to organizations seeking CMMC certification.

The steps are easy: Contract with Databranch and Cyberstone Security and complete a maturity assessment engagement.

Understand the gaps in your maturity level and develop a roadmap for compliance: technology changes may require budget cycles to resolve.

Don’t wait! The DoD wants to see policy and practice within your organization for an 8-12 month period BEFORE they audit and issue a certificate of compliance.

Once deemed compliant, the compliancy level is good for a 3-year period.

To learn more about how Databranch and Cyberstone can help your organization prepare for the CMMC, give us a call at 716-373-4467 x 15!

 

*Courtesy of Cyberstone*
