Epidemics, AIDS, CUI, and Cybersecurity
From Resistance to Standard Practice
Adapting to the Changing Requirements of CUI
Executive Order 13556, issued in 2010, defined a standard for protecting and transmitting CUI. In 2017, defense contractors were required to follow the NIST 800-171 requirements, and CMMC 1.0 was implemented in 2020. As CMMC 2.0 begins to roll out, do those who have been in the industry since before 2010, or even 2017, push back against the strict requirements for protecting CUI? For those who handle CUI regularly, what will it take to adopt a universal precaution mindset? Just as the EMS workers of old put themselves at risk of personal harm when they chose not to wear gloves, so too does the individual or company that chooses not to follow the requirements for safeguarding CUI and other sensitive information.
Bridging the Gap and Fostering a CUI Culture
Ultimately, the challenge is to bridge the gap between awareness and action. Let’s start protecting CUI today instead of depending on the industry’s new hires, who arrived post-2010 and even post-2017, to make it the easy and popular standard. The challenge is to treat CUI, which if leaked may harm one person, company, or even nation, the way EMS treats its universal precaution protocol. Only through collective effort and unwavering commitment can we hope to build a resilient cybersecurity framework, grounded in universal precaution, that is capable of withstanding today’s challenges.