You have probably heard about Cybersecurity Maturity Model Certification lately, especially while looking for work in the Federal system. In a previous article, we talked a little about a new set of standards to meet in addition to NIST. As we mentioned, Cybersecurity Maturity Model Certification, or CMMC, is basically an extension of NIST 800-171. Today we’re going to go into a little more detail on what’s involved in meeting CMMC compliance and how V2 Systems can help you achieve certification.
CMMC Is a DoD Requirement
As we mentioned before, if you plan on doing any business at all with the Department of Defense, you need CMMC certification. The CMMC is the DoD’s next step to ensure and enhance the scope of cybersecurity for national security data and networks following the Defense Federal Acquisition Regulation Supplement (DFARS) issued in 2016. This scope covers a total of 17 areas of importance:
- Access Control
- Asset Management
- Audit and Accountability
- Awareness and Training
- Configuration Management
- Identification and Authentication
- Incident Response
- Maintenance
- Media Protection
- Personnel Security
- Physical Security
- Recovery
- Risk Management
- Security Assessment
- Situational Awareness
- Systems and Communications Protection
- System and Information Integrity
These 17 domains are assessed across five “levels” that together make up your overall security rating, ranging from basic security habits to advanced security operations.
If that sounds like a lot, that’s because it is. And what’s more, there is no “self-certification” when it comes to CMMC, like there is with NIST 800-171. Your organization will coordinate directly with an accredited and independent third-party commercial certification organization to request and schedule a CMMC assessment.
Here’s How You Can Prepare for a CMMC Assessment
The best thing an organization can do to prepare for a CMMC assessment is to first create what NIST refers to as a System Security Plan, or SSP. An SSP outlines your entire security structure. NIST has provided an SSP template which can be found here. Once your SSP is fully outlined, it’s time to start identifying weak spots and, most importantly, lay out how you plan to correct them. This is known as a Plan of Action and Milestones (POAM), and each item in it links directly back to an area covered in CMMC.
All of this may seem like a lot, but it’s completely necessary. Anyone who does not meet the requirements for CMMC will not be able to do business with the Department of Defense in any way — and that’s a huge deal for many. Contact us today at 703-396-6120, and we’ll help you through a plan of action to meet these complex requirements. The less you have to worry about it, the more time you can spend focusing on what matters most to you and your organization.
Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Concentrate on your VISION…We’ll handle the TECHNOLOGY!