Cybersecurity Maturity Model Certification (CMMC)
Defense contractors can no longer self-verify that they are meeting contractual cyber security standards – now they have to prove it.
In January 2020 the Department of Defense (DoD) published the first draft of the Cybersecurity Maturity Model Certification (CMMC), a new framework which the defense supply chain will now need to comply with and be certified against.
This new procedure will ensure that the 300,000+ defense contractors in the DoD supply chain have adequate cyber security controls in place to protect the Defense Industrial Base’s (DIB) sensitive information.
As of summer 2020, DoD requests for information (RFIs) will include a CMMC Level that reflects the level of cyber security required of the contractor to fulfil the contract.
The levels range from 1 to 5 – basic cyber hygiene up to advanced, progressive cyber security. The overwhelming majority of contracts are expected to be awarded at Level 1 or 3, with Levels 4 and 5 set to apply to sensitive and classified contracts. Each of the 5 levels is built upon the last, so compliance with Level 1, for example, is a requirement to achieve Level 2.
The non-profit Accreditation Body (AB) is responsible for managing, operating and sustaining the CMMC program, including training, evaluating and accrediting Certified Third Party Assessment Organizations (C3PAOs). These C3PAOs will perform independent assessments of contractors’ CMMC implementation and provide audit reports to the AB, which then issues a CMMC certification that lasts for 3 years.
Titania Nipper’s role in CMMC
Titania Nipper’s accurate auditing capability has been mapped to CMMC controls to evidence compliance within 8 of the 17 domains. Automating 33 checks for network device security, and identifying non-compliance along with technical fixes, Nipper is proven to conserve the time and resources of C3PAOs, defense contractors’ internal audit teams and others providing CMMC assessment and pre-assessment services.