04Jun

Why and How the DoD is Implementing the CMMC


The Department of Defense has been working to improve cybersecurity over the last several years.

News of nation-state sponsored theft of defense secrets makes the news on a regular basis.

The biggest source of leaks of sensitive intellectual property: the hundreds of thousands of contractors that have access to sensitive but unclassified information, called Controlled Unclassified Information (CUI).

In 2013, the DoD created a security requirement in the Defense Federal Acquisition Regulation Supplement, DFARS 252.204-7012. A few years later, NIST released a security requirement named SP 800-171.

While both of these began to improve security for the defense industrial base, they did not solve the problem. Compliance with the DFARS is mandatory, as is compliance with NIST, but in most cases compliance with these regulations is based on the honor system, and this has not worked.

The solution: Cybersecurity Maturity Model Certification (CMMC).

The release of the CMMC in 2019 is the first time the DoD has required contractors, subcontractors, and suppliers to be certified in order to participate in the DoD supply chain.

So what do you need to know?

  • The DoD is now requiring that all contractors and subcontractors “self-certify” that they are compliant with NIST SP 800-171 by November 30, 2020. This self-certification includes posting audit scores and the expected date of compliance to the SPRS portal.
  • The government is now requesting that all DoD contractors and subcontractors be in compliance with CMMC by 2025.
  • Companies need to look at their existing maturity against DFARS/NIST SP 800-171 and understand which CMMC Level (1, 2, 3, 4, or 5) they need to comply with moving forward.
    • The DoD entity awarding the contract will dictate what Level of compliance the contractor or subcontractor must be at.

Databranch and Cyberstone are here to help! Cyberstone received Registered Provider Organization status from the Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB) and is well positioned to provide advice and consulting services to organizations seeking CMMC certification.

The steps are easy: Contract with Databranch and Cyberstone Security and complete a maturity assessment engagement.

Understand the gaps in your maturity level and develop a roadmap for compliance: technology changes may require budget cycles to resolve.

Don’t wait! The DoD wants to see policy and practice within your organization for an 8-12 month period BEFORE they audit and issue a certificate of compliance.

Once deemed compliant, the certified compliance level is valid for a 3-year period.

To learn more about how Databranch and Cyberstone can help your organization prepare for the CMMC, give us a call at 716-373-4467 x 15!


*Courtesy of Cyberstone*
