This is an original article from Cre8tive Technology and Design.
There are five different tiers of CMMC, depending on your level of involvement with the federal government. The levels of CMMC range from “Basic Cybersecurity Hygiene” all the way up to “Advanced/Progressive.” The level of CMMC that you may need for your business will depend if contracts you want to bid on have to do with classified or unclassified DoD information. The level of CMMC required for contracts will be defined in Requests, for Information and Requests for Proposals provided by the DoD.
The Office of the Under Secretary of Defense says that levels 1-3 already encompass the 100 security requirements specified in NIST SP 800-171 rev1, but also “incorporates additional practices and processes from other standards such as NISTS SP 800-53, AIA NAS9933” and others. You may already be at the level of CMMC that you need.
Once you decide on the level of CMMC that is appropriate for your business, you’ll want to audit your current cybersecurity practices and look for any potential gaps and vulnerabilities.
What are of your current data storage workflows? What kind of password an multi-factor authentication does your company utilize? What kind of proactive threat monitoring do you practice?
These are just some of the questions you should ask yourself ahead of your third-party CMMC audit, and things you will want to remedy if you identify any gaps.
CMMC is not just a one-time certification or challenge, but something your entire enterprise has to embrace if it is going to be competitive in winning DoD contracts.
Cybersecurity threats are constantly evolving, which means regular training from the shop floor to the boardroom is paramount to maintain CMMC compliance.
The NIST 800-171 standard, which CMMC builds upon, already has regular training for certain employees as a requirement, so you may already be doing this. However, establishing regular training sessions company-wide is a healthy cybersecurity practice, regardless of the CMMC tier you are looking to achieve.
As we mentioned earlier, cybersecurity threats in the aerospace & defense industry are constantly becoming more elaborate and difficult to detect. An industry expert can help protect your company from cybersecurity attacks with protocols to boost your security. Contact us today to learn more.
Department of Defense prime contractors and subcontractors are required achieve Cybersecurity Maturity Model Certification (CMMC) by 2025 in order to earn or retain DoD contracts. IMEC is offering a 15-part CMMC Cybersecurity Training Series for Manufacturers will guide you through the process towards CMMC certification, verifying to the DoD that you have adequate cybersecurity controls and policies in place to meet DoD security standards.
Live, virtual training begins July 7, and will meet monthly through September 2022. This series will: