CMMC is here and it affects you


CMMC

Cybersecurity Maturity Model Certification

What is the Cybersecurity Maturity Model Certification? It is a series of requirements that the Department of Defense demands of all those who provide services to it. Unlike previous standards such as NIST 800-171 or the CSF, you cannot self-certify. When DFARS adds the CMMC requirements (DFARS clause 252.204-7012) to all new contracts, you will not be able to do work for the DOD or a DOD contractor. CMMC Third-Party Assessor Organizations (C3PAO) are now training inspectors to enforce the rules. Furthermore, being in the cloud does not protect you: they want you to protect your blueprints and even the layout of your shop floor. They want you to protect your CUI documents, CNC data, and all machine tool programs. You need written policies and procedures not only to conform to the regulations for CUI, but also to catch breaches and have a process to report them. The CMMC requirements are deep and wide.

A provision in the 2021 National Defense Authorization Act requires DOD's CIO and the commander of the Joint Forces Headquarters-Department of Defense Information Network to review each DOD component for cyber hygiene and assess compliance with CMMC.

The report identifies the "component's CMMC level and implementation of the cybersecurity practices and capabilities required in each of the levels of the CMMC framework," according to the legislation. H. R. 6395 SEC. 1742. DEPARTMENT OF DEFENSE CYBER HYGIENE AND CYBERSECURITY MATURITY MODEL CERTIFICATION FRAMEWORK

Those components that don't meet CMMC level 3 requirements, also referred to as "good cyber hygiene," will have to "implement relevant security measures to achieve a desired CMMC or other appropriate capability and performance threshold prior to March 1, 2022."

The report stemming from that review was due to Congress on March 1, but has been pushed to June, according to a Hill aide familiar with the matter.

The CMMC program, a unified standard that defense contractors handling controlled unclassified information will have to meet to bid on contracts, is expected to enter the pilot stage with select contracts later this year. Who is affected? Naturally, major contractors, but also, and most importantly, everyone, and I mean everyone, who is in the supply chain. If you drill holes for Lockheed, you must comply.

Next Level Systems is dedicated to helping small and medium-sized businesses work toward compliance, giving them an edge in competitive bidding situations. If you do any defense work, you must comply this year.

 

Brian O'Connor

boconnor@nextlevelsys.com

Alan Knapp

Business Consultant at Next Level

3 years ago

Great article good info MUST READ
