If you are in possession of Federal Contract Information (FCI) or Controlled Unclassified Information (CUI), now is the time to better address security and the new Cybersecurity Maturity Model Certification (CMMC).
Not your father’s 800-171
For those of you who were already NIST 800-171 compliant, you likely have many of the necessary controls in place to protect CUI under CMMC. However, very few organizations have actually met the standard. And while 800-171 is self-attested, CMMC requires a third-party review and enforces controls on organizations that were previously able to determine (read: ignore) their own levels of risk. CMMC may also be more practical, as it now puts structure around the process, making it much clearer what level of maturity, documentation, and controls organizations must adhere to.
Impacts to the supply chain and beyond
Everything rolls downhill. Depending on the type and sensitivity of information and the associated range of threats, prime contractors will look to their sub-contractors as part of their own compliance. Having the appropriate System Security Plan (SSP) and Plan of Actions & Milestones (POAM) to achieve security and compliance will be much more heavily scrutinized with the new process.
Time is not on your side
Generally, the more time you have to do something, the less it will cost in money and stress, so getting out in front of areas of concern will only benefit your organization. If you’re one of the 300,000 suppliers in the DoD supply chain, join Security Program Development Director Stephen Marchewitz and Governance, Risk, and Compliance Principal Consultant Rick Yocum as they discuss how to climb the ranks from the basics to the level of maturity needed, with tips and tricks that make the journey smoother and more cost-effective.