What is CMMC, and Why is it Important?

MacguyverTech
Mar 8, 2023

Cybersecurity is one of the more daunting and closely monitored fields in the world. There are challenges and obstacles that didn’t exist until recently, and that’s before you even try to figure out the acronyms. One of the more relevant acronyms today is CMMC, or Cybersecurity Maturity Model Certification. So, what is CMMC, and why is it important?

From the Chief Intelligence Officer (CIO) of the Department of Defense (DoD): “The CMMC program is aligned to DoD’s information security requirements for Defense Industrial Base (DIB) partners. It is designed to enforce protection of sensitive unclassified information that is shared by the Department with its contractors and subcontractors. The program provides the Department increased assurance that contractors and subcontractors are meeting the cybersecurity requirements that apply to acquisition programs and systems that process controlled unclassified information.”

Keep in mind that we warned you about the acronyms.

What does this mean in plain English?

In summary, there are over 200,000 private-sector companies that work with the Department of Defense as part of their extended network. These companies may deal with sensitive information, and as such, are targets for bad actors and hackers looking to steal information, plant ransomware, and generally compromise the network’s security. For this reason, the Department of Defense created a cybersecurity standard that every company in the DIB must adhere to.

“It makes sense,” says MacguyverTech CEO Steve (Mac) McKeon. “DIB partners and subcontractors are dealing with sensitive information, so it’s essential that this information is protected. The Department of Defense sets standards for network monitoring, malware detection, password authentication, e-mail and browser protection, data encryption, and more.”

Additionally, CMMC is the model used by certified assessors to verify that contractors are doing what they claim to be doing to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). So it’s used not only as an initial standard, but also as a continual benchmark for future inspections.

Why is this important to your company?

If your company has ever dealt with, or may one day deal with, any sort of government data, this is a standard that will have to be met. “It’s going to mean lost business to companies that drag their feet,” said McKeon. “It’s why we’re not only striving to meet the initial CMMC 1.0 standard, but the new CMMC 2.0 standard as well. There are up to 110 or more best practices at the top level of CMMC 2.0. We want to be ready, and help our clients and partners get ready as well.”

“The future of cybercrime and cybersecurity is here,” he said, “and we need to work together to make sure we end up on the right side of the battle.”

For details on CMMC, you can visit the Department of Defense’s CIO page here.

For more information about cybersecurity, even more acronyms, and blogs like this, visit our home page here.
