What is CMMC?

The Cybersecurity Maturity Model Certification Explained

The Cybersecurity Maturity Model Certification (CMMC) is a program mandated by the Department of Defense (DoD) to verify the cybersecurity of its supply chain. All contractors and sub-contractors in the DoD’s supply chain, except for commercial-off-the-shelf product providers, will have to meet specific compliance requirements. Some will need a certification, whereas others will need to provide a self-attestation.

The Defense Industrial Base (DIB) is often the target of complex cyberattacks. Protecting intellectual property and national security has become a point of extreme focus for the DoD. Maintaining this security throughout not only the primary DoD contracts but also all the way down the supply chain is why CMMC has become a necessary step.

CMMC Model 2.0, which was announced in November of 2021, was designed to achieve these primary goals:

  • Safeguard sensitive information to enable and protect the warfighter.
  • Enforce DIB cybersecurity standards to meet evolving threats.
  • Ensure accountability while minimizing barriers to compliance with DoD requirements.
  • Perpetuate a collaborative culture of cybersecurity and cyber resilience.
  • Maintain public trust through high professional and ethical standards.

Who must obtain CMMC?

The type of data you handle in your contracts determines the level of certification you need. If you deal with Controlled Unclassified Information (CUI), certification is necessary. For Federal Contract Information (FCI), self-attestation suffices. If you’re already compliant with NIST SP 800-171, the Cybersecurity Maturity Model Certification (CMMC) serves as the verification process for that compliance, offering different levels of certification based on your cybersecurity maturity. However, if you only sell Commercial off the Shelf (COTS) products to the Department of Defense (DoD) without handling FCI or CUI, CMMC certification isn’t needed.

How do you achieve certification?

The DoD has streamlined certification to a three-tiered model:

  • Level one requires an annual self-assessment and an annual affirmation.
  • Level two requires triennial third-party assessments for critical national security information, and, for select programs, an annual self-assessment.
  • Level three requires triennial government-led assessments.

CMMC 2.0 will become a contract requirement once rulemaking is completed.
