The US Department of Defense (DoD) handles classified and unclassified information, but the DoD also deals with contractors outside of the government apparatus who are permitted access to certain information. Given the sensitivity of the information being used, it is imperative that contractors have cybersecurity mechanisms in place. The DoD created the Cybersecurity Maturity Model Certification (CMMC) in order to create a federal standard for data controls.
As before, contractors remain responsible for protecting and securing the information they use, but now with the introduction of the CMMC, there is a standard to which these contractors can adhere to, and, once compliant, can achieve a certification. The CMMC sets and clarifies the technical regulations contractors should be following so that their information systems do not remain vulnerable to cyber threats and attacks.
The CMMC framework has five levels that a company can meet in order to demonstrate its system’s cybersecurity protocols. The first level concerns “basic” measures such as those prescribed by the NIST 800-171 requirements, which include measures like limiting unsuccessful login attempts. The second level has additional NIST 800-171 requirements so that controlled unclassified information (CUI) remains secure. The third level stipulates having a company-wide management plan for cybersecurity practices relating to CUI. The fourth level requires the company to routinely test and review its cybersecurity practices to ensure its procedures and protocols are sufficient to defend against threats. Finally, the fifth level is the highest level and requires the company to have in place a tested and appropriate cybersecurity management system.
Achieve CMMC Compliance Today:
With the new system in place, contractors and others involved in the supply chain will have to meet the CMMC level required for the work. Contractors should already have a system in place for cybersecurity and other data security systems, but it is important that the existing (or new) system complies with the required CMMC level. This is where we come in. CDG will ensure your systems and protocols are meeting the necessary CMMC standards. Our team can help establish the cybersecurity system you need.
If you are interested in learning more about how we can help with CMMC Compliance, please call us or fill out the contact form provided. We look forward to helping you.
ISO27001 is an international standard for information security, published by the International Organization for Standardization. Organizations that meet ISO27001 criteria can be certified against the standard to demonstrate their ongoing commitment to data protection and information security.
SOC2 was developed by the AICPA for managing customer data based on “trust service principles”. SOC2 is primarily used for companies operating within the United States.
CMMC is a standard for organizations in the United States which work with the Department of Defense (DoD). The CMMC covers the cybersecurity controls for Confidential Unclassified Information (CUI).
In order to prevent mass variance, the National Institute of Standards and Technology (NIST) – a non-regulatory part of the Department of Commerce – constructed a set of standards for all federal agencies to follow: the NIST Special Publication 800-53.
The Health Insurance Portability and Accountability Act is a US law enacted in1996 which governs the data protection and privacy of health records.
The European General Data Protection Regulation is a data protection and privacy regulation for EU citizens. Any company operating within the EU borders must conform to this regulation.
The California Consumer Protection Act is a California data protection and privacy law for residents of California. Most companies which hold information on California residents are subject to this regulation.
The CIS 20 is a list of 20 actions and practices an organization’s security team can take on such that cyberattacks, or threats, are minimized and prevented.
We protect our clients from cyber criminals, and we create robust security programs which can withstand current and future threats.