NIST 800-171/ CMMC Compliance
Is your organization ready for the NIST 800-171/CMMC compliance requirement?
Cybersecurity Maturity Model Certification (CMMC) is a framework based on the Department of Defense’s existing DFARs. Its goal is to improve Controlled Unclassified Information (CUI) by a formal audit program for compliance.
It applies to ALL government contractors, primes and subs, who do business with the Department of Defense. Beginning in September 2020, some DoD contractors will need to be certified at the appropriate CMMC level in order to bid on Requests for Proposals.
Cybernet is tracking the changes from DoD daily. Our experienced and knowledgeable team can help prepare a roadmap to get your organization compliant and ready to meet the requirements.
No matter what kind of cyber protection you need, it’s not a one size fits all.
Since 2016, the U.S. government has required all DoD contractors to be NIST 800-171 compliant. This originally allowed for defense industrial base (DIB) contractors to manage their cybersecurity with self-assessments. However, this set of requirements, currently under DFARS, is for any non-federal computer systems that stores, processes, and transmits CUI or provides the security for such systems.
With the CMMC standard, there are a few differences between it and NIST, however, a majority of the controls remain the same. The biggest difference is that CMMC does NOT allow for self-certification. Instead, it requires an audit from a 3rd party approved auditor a.k.a C3PAO.
Contractors must be certified from level one to level five. The designation will evaluate and grade a company based on how they handle and manage certain cyber threats, for example, like identity, protection, detection, response and recovery.
Cybernet provides independent assessment and designs tailored solutions for exactly what your company needs – nothing less, nothing more.