You Need More Than NIST. You Also Need CMMC Compliance.

by Erik Briceno

In previous blogs, we’ve outlined NIST 800-171 standards and why it’s important to follow them. The next evolution of NIST for 2020 is the CMMC — Cybersecurity Maturity Model Certification — and there’s a deadline to adopt it that’s coming up fast. What exactly is it and how can you comply with these additional standards? Let’s take a look.

What is CMMC and What Does It Have to Do With NIST?

Cybersecurity Maturity Model Certification (CMMC) can be seen as an extension of NIST 800-171. This new cybersecurity certification is built upon NIST 800-171 and seeks to make sure the appropriate levels of security are in place to help protect networks connected to the Department of Defense. If you plan on working for the DOD, even as a contractor, being NIST 800-171 compliant is a requirement. One of the key differences is that, under NIST 800-171, organizations can self-attest that they are compliant, without needing any certification or actual proof. As a result, actual compliance was found to be lacking overall. So now, assessment by a third party is required in order to determine true cybersecurity “maturity,” hence the birth of CMMC.

How Long Do You Have to Adopt CMMC?

As mentioned above, this is coming up very quickly. The deadline for Cybersecurity Maturity Model Certification is in fall of this year, 2020. Third-party assessment organizations (3PAOs) will begin training this April and May. That’s not a whole lot of time to prepare, but don’t panic. This is one of the many areas where we can help you tremendously.

Is CMMC Compliance the Same As NIST 800-171 Compliance?

In short, no. Passing a CMMC audit does not necessarily mean that you are compliant with NIST 800-171. CMMC primarily focuses on Controlled Unclassified Information (CUI) controls, whereas NIST 800-171 includes Non-Federal Organization (NFO) controls. If this sounds confusing, you’re not alone in thinking so. The long and short of it is that you need to meet both standards — which can be understandably frustrating. In these precarious times, however, it’s imperative that you do. We’re here to make it a lot less frustrating for you.

Is CMMC Compliance Really Necessary?

Without a valid CMMC certification, a contractor can expect to be fully barred from winning, participating in or even bidding on a contract. And this in turn will have a trickle-down effect that will impact third-party associations, as well. Everyone — including small organizations such as IT support, bookkeepers and even janitorial support services — will be affected. Anyone who has anything to do with your supply chain, such as component manufacturers, is hit with this. So yes, it’s an extremely big deal — not just for you, but for everyone involved with you.

At V2 Systems, we’re here to help you every step of the way. For a free compliance assessment, call us today at 703-396-6120. We will make sure to put your organization on the right path — and keep you there. You shouldn’t have to worry about all of this jargon. That’s what we’re here for. Concentrate on your vision and let us handle the technology — and government compliance.

 

Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Concentrate on your VISION…We’ll handle the TECHNOLOGY!

 

Erik Briceño is the owner of V2 Systems, Inc., one of Northern Virginia’s leading Information Technology Managed Service Providers. He is an inspiring leader for its employees and instrumental business partner for its customers. He is passionate about V2’s purpose, dedicated to exceeding expectations and a consummate professional not afraid of jumping in and getting his hands dirty. Prior to joining V2 Systems in 2002, Erik was a co-founder and COO of Ampcast.com, a leading provider of online resources servicing over 5,000 independent musical artists. At Ampcast.com, Erik spearheaded all aspects of corporate development, funding, strategic vision, and business development for the firm. From 1997 to 1999 Erik held the position of Acoustic Systems Engineer for Electric Boat Corporation, a leading defense contractor. In this role, Erik was responsible for the acoustic fidelity of two noise critical systems and components in the US Navy’s nuclear submarine systems. Erik holds a B.S. in Mechanical Engineering from Vanderbilt University and a Masters of Business Administration from George Mason University. When not working, you will find Erik a dedicated family man, raising two young children with his lovely wife Karen. Together, they enjoy building legos, playing baseball, skiing, riding horses, swimming, traveling, and fixing up old Mopars.