You’ve implemented NIST 800-171. Next up is Cybersecurity Maturity Model Certification (CMMC). It is the next generation of protection for data shared within the U.S. Defense Industrial Base (DIB).
Cybersecurity Maturity Model Certification (CMMC) is a framework that the Department of Defense developed to ensure that contractors and subcontractors achieve and maintain predetermined levels of compliance to protect federal contract information (FCI) and controlled unclassified information (CUI).
CMMC is designed to enhance security of FCI and CUI to thwart any country or person acting with malicious intent.
Any organization that handles FCI or CUI as part of its work as a contractor, subcontractor or supplier to the U.S. government will need to attain CMMC certification.
Future government contracts will say whether an organization will need to be certified at level 1, 2 or 3. To be compliant, organizations will identify what level of certification they need and either self-attest or apply for an auditor to help.
At CMMC Level 1, basic safeguarding requirements are in place (such as antivirus software and physical security). Organizations that wish to achieve certification at this level must implement 17 controls of NIST 800-171.
At CMMC Level 2, assessors will ensure security requirements for CUI specified in NIST 800-171 are implemented.
CMMC Level 3 is focused on reducing the risk from Advanced Persistent Threats (APTs). The DoD is still determining the specific security requirements for Level 3, but has indicated that its requirements will be based on the 110 controls of NIST 800-171 plus a subset of NIST 800-172 controls.
Questions About Cybersecurity Maturity Model Certification (CMMC) 2.0? A cybersecurity expert explains what’s new and what it means.
Why is it important to prepare now for CMMC (Cybersecurity Maturity Model Certification)? Organizations that meet the cybersecurity policies during CMMC assessment will qualify for opportunities to bid on government contracts and subcontracts.
Read this article to find out what NIST 800-171 is, what you need to do, and how it ties to CMMC.