If you’re looking for some clarity on CMMC and what it means for you and your organization, you may find it a bit overwhelming to visit the official site, where even the very definition of CMMC is overly complicated. That site says:

CMMC stands for “Cybersecurity Maturity Model Certification” and is a unifying standard for the implementation of cybersecurity across the Defense Industrial Base (DIB). The CMMC framework includes a comprehensive and scalable certification element to verify the implementation of processes and practices associated with the achievement of a cybersecurity maturity level. CMMC is designed to provide increased assurance to the Department that a DIB company can adequately protect sensitive unclassified information, accounting for information flow down to subcontractors in a multi-tier supply chain.

Basically, the government wants to be able to trust that your company can handle its data safely, measured against its own set of standards. But what does it take to achieve compliance? That question is a bit more complicated, said EJ Hilbert, former FBI agent turned CISO, ahead of his talk on this very topic at the Chicago Virtual Cybersecurity Summit.

During Tuesday’s Guest Keynote session, Hilbert has a lot more details to share. Be sure to log in and catch all the details.

“It changes the way we as companies certify to the US government that we are able to protect the data they’re giving us. It no longer allows you to self-certify, it no longer allows you to come up with your own various rules. You have to bring an expert third-party in to watch over you, and if you do not comply, you don’t win the work,” Hilbert said.

The pressure to adopt CMMC comes hot on the heels of the SolarWinds supply chain compromise, which, according to Hilbert, was a major exposure of some of the shortcomings of our current system and our supply chain.

“What people don’t recognize is, the government cannot regulate everybody. They can only place rules for those groups that want to do business with the government,” he said. “Though the DoD is the only group right now that has this in place, it could spread to all government contractors across the board, and it would force them to have the same levels of standard.”
