February 17, 2021
Many companies are advertising a one-stop technology solution to prepare for the Cybersecurity Maturity Model Certification (CMMC) required by the Department of Defense for contractors and subcontractors. However, technology alone will not enable your company to achieve and maintain compliance. A company impacted by CMMC needs a holistic solution encompassing people, processes, and technology. This includes an understanding of system boundaries, security technical implementation guidelines, processes, procedures, and a system security plan, which are all required to support evidence of compliance.
First, your organization needs to determine which maturity level is required for CMMC compliance. Levels range from 1 (basic cyber hygiene) to 3 (advanced/proactive processes) focusing on the protection of controlled unclassified information from advanced persistent threats (i.e. cyberattacks). Once the level is determined, the next step is to either perform a self-assessment or engage a certified Registered Provider (RP) to review your security program controls against the required level, identify gaps, and provide remediation recommendations. The RP can also help your organization implement recommendations.
Dewpoint and Dewpoint’s CISO, Don Cornish, have received certifications through the Cybersecurity Maturity Model Certification-Accredited Body as a Registered Provider Organization and Registered Provider. (Visit CMMCAB.com to validate.) Contact us to learn more about how we can help your organization become CMMC compliant.range from 1 (basic cyber hygiene) to 3 (advanced/proactive processes)