New Security Regulation – Cybersecurity Maturity Model Certification (CMMC)

Cybersecurity Maturity Model Certification

Changes are on the horizon for the Department of Defense (DoD) and its contractors. Late last year, the DoD announced the Cybersecurity Maturity Model Certification (CMMC), which officially released in January. The second phase of CMMC regulations will go into effect this September.

The DoD will implement the CMMC in requests for information (RFIs) starting in June of this year. Requests for proposals (RFPs) are next, seeing this new cybersecurity regulation in September 2020. With this date fast approaching, here’s a closer look at what the CMMC regulations are and what companies can expect.

What Does the CMMC Cover?

The CMMC is a new set of standards required by the DoD, replacing its old framework, the Defense Federal Acquisition Regulation Supplement (DFARS). Instead of establishing one overarching standard, the CMMC regulations include five different levels of certification. If a contractor meets higher levels of CMMC standards, they can bid for more sensitive contracts.

The first level, which the CMMC labels “basic cyber hygiene,” is equivalent to the Federal Acquisition Regulation (FAR). Its requirements include things like:

  • Antivirus software.
  • Ad hoc incident response.
  • Regular password changes.

Level two requires 72 practices, as opposed to level one’s 17. It covers:

  • 48 practices from the NIST SP 800-171 r1.
  • Complete compliance with FAR.
  • Seven additional requirements, like risk management training.

The third level is what the CMMC calls “good cyber hygiene.” It includes:

  • Complete FAR compliance.
  • Complete NIST SP 800-171 r1 compliance.
  • 20 other practices, like multi-factor authentication.

Level four of CMMC regulation includes proactive security measures. It covers 156 practices like:

  • FAR and NIST SP 800-171 r1 compliance.
  • Threat hunting.
  • Data loss prevention (DLT) software.

The fifth and final level of the CMMC is required for the most sensitive contracts. It includes:

  • FAR and NIST SP 800-171 r1 compliance.
  • A security operations center (SOC) that operates 24/7.
  • Real-time asset tracking.

Who Does the CMMC Affect?

These CMMC regulations apply to all contractors working with the DoD, including both prime contractors and subcontractors. If the same organizations keep doing business with the DoD, that means more than 300,000 companies will have to meet these standards. No contractors are exempt from certification.

With previous regulations, companies could self-assess the extent of their security protocols. The CMMC, however, requires audits from certified third parties. These third parties can start their assessments as of June, giving contractors plenty of time to meet CMMC regulations by September.

Changing the Landscape of Cybersecurity

Cybersecurity Maturity Model Certification (CMMC)

The CMMC represents a significant shift in the Government‘s stance on cybersecurity. That’s not to say that the government ignored cybersecurity in the past, as regulations like the FAR demonstrate. CMMC regulations, though, go much farther, signifying that the State is taking cybersecurity more seriously.

This increase in security standards is a reactionary measure to rising cyberthreats, some of which the United States government has seen firsthand. Just this February, a DoD data breach might have compromised up to 200,000 service people’s records, like social security numbers. Government organizations are prime targets for cybercriminals, so updated cybersecurity is a must.

Now that the DoD requires higher standards from its contractors, this could cause a broader shift. Private companies could follow suit, asking more of their business partners. If this trend continues, it will lead to a more highly regulated and safer industry.

Robust Cybersecurity Isn’t Optional

It’s no longer an option for companies to pass up on well-rounded cybersecurity measures. As the business world becomes more concerned with cybersecurity, weak points can become economic disadvantages as well. The coming CMMC regulations are likely just the first sign of this broader change.

Requiring higher standards for contractors will improve security for everyone involved. The Cybersecurity Maturity Model Certification is just an answer to changing needs.

By Kayla Matthews

Patrick Joggerst

Why Platforms Matter as UCaaS Adoption Continues to Soar

UCaaS Adoption Continues to Soar Industry analysts agree – the unified communications-as-a-Service (UCaaS) market will continue to grow by leaps and bounds in 2020 and ...
Kevin Ovalle Anderson Frank

How cloud-based business management can help an SMB go global

Global SMB Business Management Most companies today are familiar with the cloud; using software-as-a-service (SaaS) apps and customer relationship management (CRM) for years. However, many ...
David Gevorkian

Why Web Accessibility is Important and How to Avoid Lawsuits

Why Web Accessibility is Important In today’s digitally driven world, those with disabilities are normally the ones experiencing difficulties when using and navigating the web ...
Ajay

The Quest to Bring Computers to People – Personal Computing

The quest to bring computers to people,' rather than people to computers" resulted in the invention of Personal Computer The world changed its direction a ...
Steve Prentice

Episode 5: How the Pandemic is Changing Business and the Cloud

An Interview with Ed Dryer of Steadfast With the global pandemic wreaking havoc on business and society, everything is changing. Ed Dryer, Senior Technology Strategist ...
Mary

Leveraging Carrier Ethernet For A Better Connection

Leveraging Carrier Ethernet Determining the Best Cloud Connectivity Solution With the Cloud only being as good as employees’ ability to effectively access it, the overall ...
Brad Thies

SOC Reporting Requirements You Need to Know in a Cloud Environment

SOC Reporting Requirements Security lapses in some of the world's biggest companies continue to appear in news headlines, and information security is top of mind ...
Chandani Patel

Design Practices: AWS IoT Solutions

AWS IoT Solutions Internet of Things (IoT) presents an unparalleled opportunity for every industry to address their business challenges. With the proliferation of devices, one ...
Figure4

DevOps – Secure and Scalable CI/CD Pipeline with AWS

Secure and Scalable CI/CD Pipeline According to Gartner, a leading research company, worldwide public cloud revenue will grow by 17.3 percent in 2019. Total spending ...
Cloud Based Accounting

How Cloud Has Changed The Modern Accounting

Modern Accounting The modern-day accounting has come a long way from the times when the financial information existed only on paper. Today, advancement in technology ...