Photo by Braden Collum on Unsplash
Understanding Cybersecurity Maturity Model Certification
Ready, Steady, …
The US Department of Defense (DoD or the Department) created the Cybersecurity Maturity Model Certification (CMMC) program to add a comprehensive and scalable certification process that verifies the implementation of industry practices corresponding to a given cybersecurity maturity level. CMMC is designed to provide assurance to departments and agencies that a defense industrial base (DIB) contractor can adequately protect sensitive unclassified information such as federal contract information and controlled unclassified information (CUI). The US government is concerned with ensuring that the data and information its contractors receive are stored and used safely. This government-furnished information is more commonly known as GFI.
Of great concern is the potential that government-furnished information will escape into the wild. The US government wants to protect itself and its citizens against the theft of intellectual property and the sensitive information of US industrial sectors from malicious cyber activity. The aggregate loss of intellectual property and certain unclassified information from the DoD supply chain can threaten US economic and national security by undercutting technical advantages and innovation and significantly increasing risk to national security.
To address these concerns, the DoD issued an interim rule [1] in September 2020 intended to create a DoD assessment methodology and CMMC framework for assessing a contractor's cybersecurity posture. By issuing the interim rule, the US government is seeking to understand what requirements and business practices contractors incorporate to protect their unclassified information systems, and the data housed on those systems, from a threat actor.
The US currently requires DoD contractors to include Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012 [2] in