The IT Support Education Center
The most educational business technology blog for Southern California executives, featuring insider tips, articles, and videos on how to get the best IT results.
As a Registered Provider Organization working with California manufacturers to attain CMMC compliance, we’ve discovered an area of weakness that we see time and time again – the lack of effective security policies. In fact, in many cases, policies don’t exist at all.
It’s tempting to think that, just because business is rolling along as it always has with your Department of Defense (DoD) customers, you can continue to delay getting started with CMMC compliance.
Cybercrime and data theft pose threats in every sector of our lives, and the government and the military are no exception. That is why the Department of Defense (DoD) enacted the Cybersecurity Maturity Model Certification (CMMC) program in January 2020, which requires all organizations in the DoD supply chain to have their posture audited by an approved assessor.
When you engage a consultant to guide you through CMMC compliance, you’re going to lessen your stress load as they walk you through the steps towards submitting your self-assessment and, ultimately, prepare you for your audit.
If you manage IT at your company, then you have a lot of roles to fill. Whether you have a small team or it's just you, you could be asked to be the network administrator, help desk technician, IT project manager, business analyst, cyber security expert, and more at any given moment. And if your company needs to comply with the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC), you're likely going to get another role tacked onto your responsibilities.
The word “Maturity” is part of the Cybersecurity Maturity Model Certification for a reason. Essentially, the Department of Defense wants their chain of suppliers to “grow up” in their security. When companies act like “grown-ups” in the way that they manage cyber risk, they’re a lot more serious about their responsibilities and they’re accountable for the outcome.
When you get started on your journey to Cybersecurity Maturity Model Certification (CMMC) compliance, one of the first things that you’ll need to do is to perform a gap analysis. A CMMC gap analysis lets you know where your security controls are good and where you have, well… gaps. If you have expertise with NIST 800-171 security regulations along with a lot of extra time, then there’s no reason why you can’t do a DIY gap analysis, but many companies are finding that a facilitated gap analysis is more efficient and actually saves money in the long run.
When you’re trying to understand what you’re supposed to do to follow Cybersecurity Maturity Model Certification (CMMC) regulations, there’s a lot of information to digest. A lot. Unless you want to make CMMC compliance your full-time job, it would be nice to have all that information boiled down so that you get to the point where you can act. You must act because if you haven’t, you’re already late. Last year the DoD communicated with companies in their supply chain with a request to submit a CMMC Self-Assessment by the end of 2020, yet many companies have not been able to do that. Why? For many, it’s a lack of the knowledge and training needed to translate CMMC into action.
If you’re in the Department of Defense supply chain, you know that there are new cyber security requirements coming down the pipe. Full Cybersecurity Maturity Model Certification (CMMC) compliance is rolling out to the top 15 DoD prime contractors and their subcontractors in 2021. By 2025 this will spread out to the whole network of suppliers. If you’re not in the top 15, you still have things to do right now.
(February 17, 2021 – Rancho Cucamonga, CA) Accent Computer Solutions, Inc. is now a CMMC Registered Provider Organization (RPO) in Southern California. The company has been helping organizations reach and maintain their NIST cyber security framework requirements for many years, and has taken the next steps to demonstrate CMMC proficiency. Corey Kaufman is the company’s first Registered Practitioner (RP), trained to consult with companies regarding Cybersecurity Maturity Model Certification (CMMC) compliance. The company will have four more RPs by March 2021.