Earlier this year, the Department of Defense (DOD) announced all DOD contractors must prove they meet specific security standards as outlined in the new Cybersecurity Maturity Model Certification (CMMC) framework. As the new mandate takes effect, the standards may be more broadly applied to subcontractors within the DOD supply chain. In addition, state governments are looking at the new standards and investigating if they should also apply the framework to their contractors.
The first step in determining the impact of CMMC to your organization is assessing the maturity level of your current security posture. The assessment provides a gap analysis against the applicable requirements of the CMMC framework. If your organization is below the required security maturity level, the next step is to identify actions to be implemented to achieve control requirements. Once the actions are implemented, it is necessary to maintain that level and regular validation assessments (typically on an annual basis) should be performed, ensuring the maturity level is maintained.
If you want to learn more about CMMC or need an independent view of your current security posture against CMMC standards, Dewpoint is here to help. We have experienced security consultants available to assess, recommend and implement changes to ensure you can maintain the level of certification needed for compliance.