CYBERSECURITY MATURITY MODEL CERTIFICATION (CMMC)
Cyberattacks pose a real threat to our national security and Defense Industrial Base (DIB). The Department of Defense (DoD) has formulated a framework to combat these threats, called the Cybersecurity Maturity Model Certification (CMMC). This framework is a cohesive mix of multiple cybersecurity requirements, aiming to replace NIST SP 800-171. Mature cybersecurity processes and practices will serve as the foundation for CMMC and DoD contracting. Contractors and subcontractors will need to possess the proper CMMC certification in late 2020 to bid on Requests for Proposals.
- 17 Security Controls
- 46 Additional Security Controls
- 47 Additional Security Controls in addition to the completion of the first two levels
- Equivalent to the 110 controls in NIST SP 800-171
- 26 More Controls in Addition to NIST 800-171
- 30 More Controls in Addition to NIST 800-171
Who Needs to Be Compliant?
Small, medium and large businesses contracting with the DoD are required to comply with NIST SP 800-171. It can become a herculean task for small businesses to keep up with the costs and effort needed to comply with NIST. On the other hand, CMMC will be cost-effective for small businesses to achieve the minimum Level 1 requirement, whereas larger businesses must achieve the Level 3 requirement.
CMMC is a third-party certification system, which means contractors can no longer self-certify their compliance. This new framework will reduce the confusion when determining compliance, and aid in reducing the risk of False Claims Act (FCA) liability.
Charles IT Can Help by Utilizing Our Two-Step Process!
Step 1: Gap Assessment
Before your business is audited and receives its maturity level certification, there is a step you should take to ensure you meet the level that is required. This important step is called a Gap Assessment. It will determine the “gaps” or holes in your business’s security posture and show you what you need to do to fill those gaps.
Charles IT wants to help make sure you’re compliant so that you can take on the contracts that are critical to your business. Whichever level you are looking to achieve, a Gap Assessment should be performed so there are no surprises come audit time. Let us assess all the gaps in your cybersecurity posture and devise a plan to remediate them so you can be on your way to a CMMC certification.
Step 2: CMMC Services
Our Security Services Include:
- Backup and Disaster Recovery services, critical to your document management and storage requirements
- Dark Web Monitoring for notifications of credentials that are publicly available
- Endpoint Encryption to prevent sensitive information from being stolen or decrypted
- External Vulnerability Scanning for notifications on any potential threats to your network
- Security Awareness to educate employees on best practices to safeguard sensitive information
- SIEM core and endpoint protection for potential breach notification requirements