You Can’t Stop CMMC, Any More Than You Can Stop The Suns From Setting
Rea & Associates is excited to announce the new webinar series, Security Wars. Each session of Security Wars covers a specific facet of the Cybersecurity Maturity Model Certification (CMMC), which is a new certification required of all Department of Defense (DoD) contractors. The new requirements can be difficult to understand so, in the meantime, here’s what you need to know to prepare for CMMC certification.
What is the Cybersecurity Maturity Model Certification (CMMC)?
The DoD recently adopted the CMMC, a new standard for the Defense Industrial Base (DIB). The CMMC certifies cybersecurity compliance for government contractors. As a part of the process, all DoD contracts will have to demonstrate cybersecurity through an audit and a certification from a third-party auditor.
While independent compliance audits for CMMC Certification are yet to roll out, most government vendors must complete a self-assessment on a DoD web portal as of Dec. 1. The self-assessment addresses what specific security controls in NIST Special Publication 800-171 vendors comply with, and applies to all DoD vendors whether they’re bidding on new or renewed government-related contracts.
What Steps Should I Take to Begin the Self-Assessment Process?
Vendors involved in any kind of government contract must complete the DoD’s self-assessment and submit their score. Businesses that are already subject to NIST 800-171 CUI should continue their compliance work and submit their score.
If you are uncomfortable with completing the self-assessment or evaluating your compliance, it’s essential that you hire an outside professional. Rea & Associates can immediately assist any entity with the self-assessment via interviews and templates.
Understanding and Preparing for CMMC Certification
Rea & Associates is committed to helping our clients understand CMMC assessment and compliance. To do this, we’ve partnered with Etactics to create the webinar series, Security Wars. To get a comprehensive explanation of CMMC certification, view the following sessions of Security Wars:
- A New Goal: CMMC – (Recorded on April 2 – on-demand recording is available)
- Return of The Process – (Recorded on May 4 – on-demand recording is available)
- Culture Strikes Back – (Recorded on June 2nd – on-demand recording is available)
Each session of Security Wars covers our recommended three-step process for setting your organization up for success. Security Wars is expert-led and features JP Cervo, regional sales manager at Etactics, and Ty Whittenburg.
By Paul Hugenberg, CISSP, CRISC, CISA, principal and director of cybersecurity services