Cybersecurity Maturity Model Certification (CMMC) 2.0
Are you ready?
4 Key Points of CMMC 2.0
There are up-and-coming requirements for DIBs regarding the CMMC 2.0 program. Here is what you need to know:
- The Purpose of the CMMC 2.0 Program
1) Reducing the cost of compliance, especially for small businesses
2) Increasing trust in the CMMC assessment ecosystem
3) Clarifying and aligning cybersecurity requirements with other federal and commonly accepted standards
- The Current Status of CMMC 2.0
As of November 2021, CMMC 2.0 has been in the rule-making process, which can take anywhere from 9 to 24 months before it becomes the industry requirement for all DIBs. The timeframe includes a 60-day public comment period and a concurrent congressional review period.
- The Requirement of CMMC 2.0
DIBs will be required to adhere to the requirements of CMMC 2.0 (which mirror NIST SP 800-171 and NIST SP 800-172) once the interim grace period between CMMC 1.0 and CMMC 2.0 ends.
- The Different Company Levels of CMMC 2.0
Three levels (foundational, advanced, and expert) exist within the confines of the CMMC 2.0 program.
Level 1 – The foundational level has 17 practices and is for companies protecting Federal Contract Information (FCI).
Level 2 – The advanced level has 110 practices (aligns with NIST SP 800-171) and is for companies with Controlled Unclassified Information (CUI).
Level 3 – The expert level has 110+ practices (using a subset of NIST SP 800-172 requirements) and is for the highest-priority companies protecting CUI.
Example Steps in a DIY Compliance Solution
- Assess and create 17 top-level policy folders and documents for your company cybersecurity profile to comply with CMMC 2.0 (3.1 through 3.17)
- Develop and Validate an SSP
- Develop Personnel Security procedures
- Develop a detailed Configuration Management Plan
- Develop Security Awareness Training Procedures and Schedule
- Develop a Media Protection plan and procedures
- Develop an Audit and Accountability Plan
- Develop a System and Communications Security Plan
- Develop an Operations and Development Contingency Plan
- Develop a Systems and Software Maintenance Plan
- Build secure cloud servers with company applications that are only accessible to US citizens
- Build clients and servers that encrypt data at rest and data in transit to protect CUI
- Determine your company profile(s) (manufacturing, development, accounting, etc.) and define the configuration assets that you need to protect
- Run DISA STIGs on all operating systems, browsers, and applications, then remediate the vulnerability findings for each asset
- …and literally hundreds of pages and steps more.
Our turnkey solution eliminates the hundreds of hours spent on CMMC 2.0 compliance mandates. We cover all your NIST SP 800-171 concerns within our product, saving you on medicine for headaches and dollars for hourly wages.