CMMC Still on Schedule Despite Covid-19 Setbacks
The Cybersecurity Maturity Model Certification (CMMC) is still on schedule according to an article posted by National Defense Magazine on April 22, 2020. CMMC was developed by the Department of Defense and industry as an effective means of implementing a risk based management approach to cybersecurity. The first draft (Version 1.0) was released in January 31, 2020. This approach to cybersecurity will be accomplished by establishing baseline requirements for vendors in the defense industry. By the end of September 2020 the DoD will require at least some companies to meet certain criteria of cybersecurity when responding to requests for proposals. By 2026 all new DoD contracts will require compliance.
Auditor Classes on Schedule as Well
Auditing of businesses involved in DoD contracts will occur by qualified third parties. These auditors will be qualified by means of CMMC Certified Third Party Organizations (C3PAO). Plans are still underway to get the first round of C3PAO classes running in May or June of this year. These audits will be performed on site.
Businesses Urged to Get Started
Katie Arrington, chief information security officer at the office of the undersecretary of defense acquisition recently commented that businesses should start implementing Level 1 requirements immediately. She was quoted as saying “CMMC level one are 17 controls, no cost, that you can implement today that can help you be secure”. She also stressed a need for urgency saying “Waiting isn’t an option for any of us right now”.
The Need for Effective Cybersecurity in Businesses is Very Real
As of the beginning of the year about $600 billion dollars of domestic product is lost through cyber theft per annum. A large part of this is being undertaken by the Peoples Republic of China and the Democratic People’s Republic of Korea. For businesses involved in the manufacture or development of defense materiel, this is especially concerning.
Because of Covoid-19 many companies have had to institute remote work before establishing sufficient cyber protocols. At this time companies are being urged to remain diligent. Of late many businesses have had problems with Zoom. While Zoom is not alone with regards to vulnerabilities, its links to China make it a poor choice for members of the defense industrial base.
CVG Strategy is committed to getting businesses on track and competent with cybersecurity. Our Cybersecurity Consulting Services help organizations plan, create, upgrade, and certify a robust and effective Information Security Management System (ISMS). Contact Us today to see how we can help