New Security Regulation – Cybersecurity Maturity Model Certification (CMMC)

Cybersecurity Maturity Model Certification

Changes are on the horizon for the Department of Defense (DoD) and its contractors. Late last year, the DoD announced the Cybersecurity Maturity Model Certification (CMMC), which officially released in January. The second phase of CMMC regulations will go into effect this September.

The DoD will implement the CMMC in requests for information (RFIs) starting in June of this year. Requests for proposals (RFPs) are next, seeing this new cybersecurity regulation in September 2020. With this date fast approaching, here’s a closer look at what the CMMC regulations are and what companies can expect.

What Does the CMMC Cover?

The CMMC is a new set of standards required by the DoD, replacing its old framework, the Defense Federal Acquisition Regulation Supplement (DFARS). Instead of establishing one overarching standard, the CMMC regulations include five different levels of certification. If a contractor meets higher levels of CMMC standards, they can bid for more sensitive contracts.

The first level, which the CMMC labels “basic cyber hygiene,” is equivalent to the Federal Acquisition Regulation (FAR). Its requirements include things like:

  • Antivirus software.
  • Ad hoc incident response.
  • Regular password changes.

Level two requires 72 practices, as opposed to level one’s 17. It covers:

  • 48 practices from the NIST SP 800-171 r1.
  • Complete compliance with FAR.
  • Seven additional requirements, like risk management training.

The third level is what the CMMC calls “good cyber hygiene.” It includes:

  • Complete FAR compliance.
  • Complete NIST SP 800-171 r1 compliance.
  • 20 other practices, like multi-factor authentication.

Level four of CMMC regulation includes proactive security measures. It covers 156 practices like:

  • FAR and NIST SP 800-171 r1 compliance.
  • Threat hunting.
  • Data loss prevention (DLT) software.

The fifth and final level of the CMMC is required for the most sensitive contracts. It includes:

  • FAR and NIST SP 800-171 r1 compliance.
  • A security operations center (SOC) that operates 24/7.
  • Real-time asset tracking.

Who Does the CMMC Affect?

These CMMC regulations apply to all contractors working with the DoD, including both prime contractors and subcontractors. If the same organizations keep doing business with the DoD, that means more than 300,000 companies will have to meet these standards. No contractors are exempt from certification.

With previous regulations, companies could self-assess the extent of their security protocols. The CMMC, however, requires audits from certified third parties. These third parties can start their assessments as of June, giving contractors plenty of time to meet CMMC regulations by September.

Changing the Landscape of Cybersecurity

Cybersecurity Maturity Model Certification (CMMC)

The CMMC represents a significant shift in the Government’s stance on cybersecurity. That’s not to say that the government ignored cybersecurity in the past, as regulations like the FAR demonstrate. CMMC regulations, though, go much farther, signifying that the State is taking cybersecurity more seriously.

This increase in security standards is a reactionary measure to rising cyberthreats, some of which the United States government has seen firsthand. Just this February, a DoD data breach might have compromised up to 200,000 service people’s records, like social security numbers. Government organizations are prime targets for cybercriminals, so updated cybersecurity is a must.

Now that the DoD requires higher standards from its contractors, this could cause a broader shift. Private companies could follow suit, asking more of their business partners. If this trend continues, it will lead to a more highly regulated and safer industry.

Robust Cybersecurity Isn’t Optional

It’s no longer an option for companies to pass up on well-rounded cybersecurity measures. As the business world becomes more concerned with cybersecurity, weak points can become economic disadvantages as well. The coming CMMC regulations are likely just the first sign of this broader change.

Requiring higher standards for contractors will improve security for everyone involved. The Cybersecurity Maturity Model Certification is just an answer to changing needs.

By Kayla Matthews

Juan Pablo Perez Etchegoyen

The S/4 HANA Decade is Here: Three Tips for a Successful Migration

Three Migration Tips For organizations using SAP, migrating to S/4 HANA is a project that’s either in the works or on the horizon as the 2027 deadline for completion looms. The new generation of SAP ...
Gary Bernstein

AWS General Release of Amplify Flutter

The AWS General Release of Amplify Flutter The Amazon Web Service has announced that the Amplify Flutter is now generally available in a way to help make flutter apps easier and more accessible. According to ...
Digital Theft

Cross-Site Scripting – Why Is It A Serious Security Threat For Big Data Applications?

Security Threat And Big Data Applications (Updated August 11th, 2020) IBM, Amazon, Google, Yahoo, Microsoft - and the list goes on. All these leading IT enterprises have been affected by Cross-Site Scripting (XSS) attacks in ...
Gary Taylor

5 Reasons Why Virtual Desktop Infrastructure Will Go Mainstream Post 2020

Virtual Desktop Infrastructure Growth Virtual Desktop Infrastructure (VDI) technology enables remote users to access their desktop from anywhere using an internet connection. This technology has been around for a couple of decades but never received ...
ISC2 Webinar

Key Results from the 2021 Cloud Security Report

2021 Cloud Security Report The 2021 Cloud Security Report, sponsored by (ISC)2, explores current cloud security trends and challenges, how organizations are responding to security threats in the cloud and reveals tools and best practices ...

PROXY SERVICES

The CloudTweaks technology lists will include updated resources to leading services from around the globe. Examples include leading IT Monitoring Services, Bootcamps, VPNs, CDNs, Reseller Programs and much more...

  • Smartproxy

    Smartproxy

    Smartproxy is a rising star in the constantly growing proxy market. Smartproxy offers awarded customer service, impressive performance, and is serious about your anonymity (yes, cybersecurity matters). The latest features developed by Smartproxy are 30 minute long sticky sessions and Google Proxies. Rumor has it, the latter guarantee 100% success rate

  • Bright Data

    Bright Data

    Bright Data’s network is one of the most robust of its kind globally. Here are its stark advantages: Extremely stable connection for long sessions (99.99% uptime guaranteed). Free to integrate with our Proxy Manager which allows you to define custom rules for optimized results. Send unlimited concurrent requests increasing speed, cost-effectiveness, and overall efficiency.

  • Rsocks

    Rsocks

    RSocks team offers a huge amount of residential plans which were developed for plenty of tasks and, most importantly, has been proved to be quite efficient. Such variety has been created on purpose to let everyone choose a plan for a reasonable price, online, rotation and other parameters.

  • Storm Proxies

    Storm Proxies

    Storm Proxies' network is optimized for high performance and fast multi-threaded tools. You get unlimited bandwidth. No hidden costs, no limits on bandwidth. Try Storm Proxies 100% Risk Free. If you are not happy with the service email us within 24 hours of purchase and we will refund you.