The IT Support Education Center
The most educational business technology blog for Southern California executives, featuring insider tips, articles, and videos on how to get the best IT results.
The Department of Defense (DoD) has released a new version of Cybersecurity Maturity Model Certification (CMMC) requirements for their supply chain. The new CMMC version (referred to as CMMC 2.0) has been drafted in response to more than 850 responses that the DoD received during the public comment period following the release of the initial 1.0 version.
As a Registered Provider Organization working with California manufacturers to attain CMMC compliance, we’ve discovered an area of weakness that we see time and time again – the lack of effective security policies. In fact, in many cases, policies don’t exist at all.
Optimize your business's IT function, understand proper (and cost-effective) IT staffing, and learn from the mistakes others have made.
It’s tempting to think that just because business is rolling along as it always has been with your Department of Defense (DoD) customers that you can continue to delay getting started with CMMC compliance.
Cybercrime and data theft pose threats in every sector of our lives, and the government and the military are no exception. That is why the Department of Defense (DoD) enacted the Cybersecurity Maturity Model Certification (CMMC) program in January 2020, which requires all organizations in the DoD supply chain to verify their security posture.
When you engage a consultant to guide you through CMMC compliance, you’re going to lessen your stress load as they walk you through the steps towards submitting your self-assessment and, ultimately, prepare you for your audit.
If you manage IT at your company, then you have a lot of roles to fill. Whether you have a small team or it's just you, you could be asked to be the network administrator, help desk technician, IT project manager, business analyst, cyber security expert, and more at any given moment. And if your company needs to comply with the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC), you're likely going to get another role tacked onto your responsibilities.
The word “Maturity” is part of the Cybersecurity Maturity Model Certification for a reason. Essentially, the Department of Defense wants their chain of suppliers to “grow up” in their security. When companies act like “grown-ups” in the way that they manage cyber risk, they’re a lot more serious about their responsibilities and they’re accountable for the outcome.
When you get started on your journey to Cybersecurity Maturity Model Certification (CMMC) compliance, one of the first things that you’ll need to do is to perform a gap analysis. A CMMC gap analysis lets you know where your security controls are good and where you have, well… gaps. If you have expertise with NIST 800-171 security regulations along with a lot of extra time, then there’s no reason why you can’t do a DIY gap analysis, but many companies are finding that a facilitated gap analysis is more efficient and actually saves money in the long run.
When you’re trying to understand what you’re supposed to do to follow Cybersecurity Maturity Model Certification (CMMC) regulations, there’s a lot of information to digest. A lot. Even with the new simplified 2.0 version of CMMC that the Department of Defense (DoD) released in November 2021, interpreting requirements and how exactly your company is going to meet them is still new territory for most executives and their IT managers. Unless you want to make CMMC compliance your full-time job, it would be nice to have all that information boiled down so that you get to the point where you can act. You must act because if you haven’t, you’re already late. Last year the DoD communicated with companies in their supply chain with a request to submit a CMMC System Security Plan by the end of 2020, yet many companies have not been able to do that. Why? For many, it’s a lack of knowledge and training to interpret CMMC into action.
If you’re in the Department of Defense supply chain, you know that there are new cyber security requirements coming down the pipe with Cybersecurity Maturity Model Certification (CMMC). In November 2021, a new 2.0 version was released. While the new version is intended to simplify requirements and the compliance process for small to medium-sized businesses, it’s still a big job for suppliers to get their arms around exactly what they need to do and when. That’s where a Registered Practitioner (RP) comes in.