Achieve compliance with up to 89% of CMMC network security practices across 9 domains, with Nipper
Titania Nipper helps you achieve compliance with up to 89% of CMMC network device practices. The dedicated CMMC Module helps to provide evidence for 24 of the Level 1-3 practices for firewalls, switches and routers, accurately automating the assessment of 18 and providing evidential information for 6 practices, helping you quickly and easily:
- Establish a baseline to use when creating a roadmap to compliance;
- Evidence the findings in Certified Assessor-ready formats;
- Prioritize your remediation activity based on ease of fix, impact and the likelihood of exploitation; and
- Rapidly address misconfigurations and issues raised as areas of non-compliance with the exact technical fixes provided.
More information about the Nipper CMMC Module can be found on the datasheet.
In November 2021, following a review as part of the Biden Administration’s effort to enhance the security of the US supply chain, the DoD announced its proposed changes to the CMMC program. For more information on these changes, please read our article on CMMC 2.0 here.
CMMC Version 1.02
As well as the significant economic cost of malicious cyber activity (estimated in excess of $57b per annum), the aggregate loss of controlled unclassified information (CUI) from the Defense Industrial Base (DIB) is a known risk to US national security. As a result, in January 2020, the Department of Defense (DoD) introduced a new procedure to certify that approximately 300,000 defense contractors in its supply chain have adequate cybersecurity controls in place to protect the DoD’s information.
All contractors and subcontractors that handle federal contract information (FCI) and CUI will be subject to CMMC. The DoD clarifies what CMMC Maturity Levels are required in the request for information (RFI), and awardees must prove the required Level by the time of award. Subcontractors may not need to meet the same CMMC Level required by the prime contractor – the DoD will clarify which parts of a contract require which CMMC Levels.
Accurately Assess CMMC Compliance with Nipper
Saving significant time and resources for internal assessors, RPOs and cybersecurity service providers, Nipper is easy to configure for CMMC assessments and integrates with SIEM and GRC tools for a network-wide view of compliance.
Audits: Firewalls | Switches | Routers
The CMMC 2.0 model contains:
- Level 1 | Foundational (110+ practices based on NIST 800-172)
- Level 2 | Advanced (110 practices based on NIST 800-171)
- Level 3 | Expert (17 practices)
The CMMC model consists of 17 Domains, which in turn consist of a set of processes and security practices across the different Levels. It draws heavily on existing safeguarding and security requirements, most notably NIST 800-171, which is the basis for 110 out of CMMC’s 171 controls.
Automate CMMC assessments across 9 Domains
The non-profit Accreditation Body (AB) is responsible for managing, operating and sustaining the CMMC program, including training, evaluating and accrediting Certified Third Party Assessment Organizations (C3PAOs). These C3PAOs will perform independent assessments of contractors’ CMMC implementation and provide reports to the AB, which then issues CMMC certifications that last for 3 years.
Defense contractors’ internal audit teams and others providing CMMC assessment services, including Registered Party Organizations (RPOs), can leverage Titania Nipper’s accurate auditing capability to assess compliance with 42 CMMC security practices, providing artifacts that evidence compliance within 9 domains:
- Access Controls (AC)
- Asset Management (AM)
- Audit & Accountability (AU)
- Configuration Management (CM)
- Identification & Authentication (IA)
- Risk Management (RM)
- Security Assessments (CA)
- System & Communications Protection (SC)
- System & Information Integrity (SI)
Why automate CMMC assessments with Titania Nipper?
Titania Nipper is in service with the DoD, where it is trusted to automate the configuration audits of network devices against DISA STIG and CIS benchmarks to prove compliance with Risk Management Frameworks such as DISA RMF, NIST CSF, NIST 800-53 and NIST 800-171. Taking just minutes to set up and generate reports, Nipper’s proven accuracy advantage is estimated to save the DoD up to 3 hours per device by not investigating false positives reported by other compliance tools.
As CMMC v1.02 security practice checks build on the above frameworks and controls, CMMC auditors and assessors are expected to save significant time and resources by automating their compliance checks using Nipper. The software also identifies otherwise-missed false negatives and includes recommendations and specific command line fixes for any issues found, helping to reduce internal teams’ mean time to remediate.