July 15, 2020 1:00 PM CSTWorried about CUI staying secure as the business world becomes more remote? In order to prepare for CMMC Level 3, does managing an on-going compliance program seem impossible? Small businesses need affordable, practical and secure ways to protect CUI. Cyber maturity starts with technology, but it's only part of a full compliance program. How is the secure system set up, segmented, accessed managed, encrypted, etc dictates the process maturity of a business.
The US Department of Defense (DoD) has developed a Cybersecurity Maturity Model Certification (CMMC) to ensure that contractors have implemented the required security controls to protect sensitive data, including Federal Contract Information and Controlled Unclassified Information (CUI). By complying with CMMC requirements, contractors can enhance their system security plan (SSP) and gain a competitive edge in winning defense contracts.
With CMMC on the horizon and increased attention on NIST SP 800-171 through DCMA DIBCAC assessments, small businesses are looking to solidify their compliance implementation. Through pre-assessments and surveys, the areas of auditing & accountability, incident response and vulnerability detection have been routinely identified as a continued area of deficiency for small businesses.
When CMMC audits begin, will your organization have the required practices and processes in place to ensure controlled unclassified information (CUI) stays secure? How will you keep CUI protected as it’s shared between contractors, agencies, and mission partners throughout DoD supply chain collaboration workflows?