Data protection is essential for every organization. For organizations with government contracts, data protection and overall cybersecurity posture can be a matter of national security. In November 2021, The Department of Defense announced enhancements to its upcoming cybersecurity framework: The Cybersecurity Maturity Model Certification (CMMC).
CMMC 1.0 was announced in 2020, but the Department of Defense (DoD) updated the framework in response to industry comments, Congress, and other federal agencies. The updated set of standards is known as CMMC 2.0. However, CMMC 2.0 will not be enforced until it completes an extensive rulemaking process, which takes between nine and 24 months.
The CMMC framework creates a set of tiered cybersecurity standards that will apply to government contractors to ensure that the 300,000+ companies in the defense industrial base (DIB) supply chain maintain a strong cybersecurity posture. The three-tiered system is based on the contractor’s access level, with each tier requiring different assessment levels and requiring specific practices.
Companies with government contracts can start preparing for compliance now. The DoD has developed Project Spectrum to help organizations evaluate their posture and make necessary changes.
Additionally, LogicGate’s Risk Cloud® platform can help organizations better understand their overall GRC status. CMMC 2.0 is closely aligned with NIST 800-171 and NIST 800-172, so complying with these frameworks will make significant progress towards future CMMC compliance.
It’s essential for any organization with government contracts or plans to acquire them, to prepare for compliance now. Read on to learn everything you need to understand about this critical