In previous blogs, we’ve outlined NIST 800-171 standards and why it’s important to follow them. The next evolution of NIST for 2020 is the CMMC — Cybersecurity Maturity Model Certification — and there’s a deadline to adopt it that’s coming up fast. What exactly is it and how can you comply with these additional standards? Let’s take a look.
What is CMMC and What Does It Have to Do With NIST?
Cybersecurity Maturity Model Certification (CMMC) can be seen as an extension of NIST 800-171. This new cybersecurity certification is built upon NIST 800-171 and seeks to make sure the appropriate levels of security are in place to help protect networks connected to the Department of Defense. If you plan on working for the DOD, even as a contractor, being NIST 800-171 compliant is a requirement. One of the key differences is that under NIST 800-171, organizations can self-attest that they are compliant, without needing any certification or actual proof. As a result, actual compliance was found to be lacking overall. So now, assessment by a third party is required in order to determine true cybersecurity “maturity,” hence the birth of CMMC.
How Long Do You Have to Adopt CMMC?
As mentioned above, this is coming up very quickly. The deadline for Cybersecurity Maturity Model Certification is in fall of this year, 2020. Third-party assessment organizations (3PAOs) will begin training this April and May. That’s not a whole lot of time to prepare, but don’t panic. This is one of the many areas where we can help you tremendously.
Is CMMC Compliance the Same As NIST 800-171 Compliance?
In short, no. Passing a CMMC audit does not necessarily mean that you are compliant with NIST 800-171. CMMC primarily focuses on Controlled Unclassified Information (CUI) controls, whereas NIST 800-171 includes Non-Federal Organization (NFO) controls. If this sounds confusing, you’re not alone in thinking so. The long and short of it is that you need to meet both standards — which can be understandably frustrating. In these precarious times, however, it’s imperative that you do. We’re here to make it a lot less frustrating for you.
Is CMMC Compliance Really Necessary?
Without a valid CMMC certification, a contractor can expect to be fully barred from winning, participating in or even bidding on a contract. And this in turn will have a trickle-down effect that will impact third-party associations, as well. Everyone — including small organizations such as IT support, bookkeepers and even janitorial support services — will be affected. Anyone who has anything to do with your supply chain, such as component manufacturers, is hit with this. So yes, it’s an extremely big deal — not just for you, but for everyone involved with you.
At V2 Systems, we’re here to help you every step of the way. For a free compliance assessment, call us today at 703-396-6120. We will make sure to put your organization on the right path — and keep you there. You shouldn’t have to worry about all of this jargon. That’s what we’re here for. Concentrate on your vision and let us handle the technology — and government compliance.
Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Concentrate on your VISION…We’ll handle the TECHNOLOGY!