The CMMC guidelines are expected to come out in 2020. Thus, the certification process should start sometime in 2020 or 2021. If you are a DoD contractor in Virginia Beach, contact HRCT today for assistance.
If you have contracts with the U.S. Department of Defense (DoD), you are probably aware of the new requirements to ensure data security and privacy. HRCT can help you prepare for mandated third-party Cybersecurity Maturity Model Certification audits. The DoD has set up measures for companies to receive reimbursement for the expense of meeting CMMC standards — but first, you have to pass the various certification stages.
What is Controlled Unclassified Information (CUI)?
CMMC requirements protect controlled unclassified information (CUI). CUI is data possessed by the government or by organizations acting on behalf of the government. This includes most companies with DoD contracts that are expected to handle this data with a high degree of confidentiality.
What Are the CUI Registry Groupings?
A CUI Registry delineates the categories and subcategories protected by the Executive branch. It includes the following groupings:
- Defense
- Immigration
- Critical Infrastructure
- Export Control
- International Agreements
- Financial
- Intelligence
- Legal
- Law Enforcement
- Nuclear
- Natural and Cultural Resources
- NATO
- Procurement and Acquisition
- Tax
- Privacy
- Provisional
- Statistical
- Proprietary Business Information
What Is the History of CMMC?
The Cybersecurity Maturity Model Certification builds on regulations, such as DFARS 252.204-7012, that build trust between government agencies and organizations that meet strict cybersecurity standards. CMMC adds a verification layer to ensure that the DoD's partners in the private sector adhere to the required levels of data security.
Suppliers have expressed concern over the expected costs of aligning their operations and IT infrastructure with the new standards. Under CMMC, private contractors must interpret how complex NIST 800-171 controls apply to their operations. NIST 800-171 is short for the National Institute of Standards and Technology Special Publication 800-171. The publication addresses how Controlled Unclassified Information (CUI) must be handled in non-government information systems.
How Could the Government Make the Certification Process Simpler?
The more information contractors can obtain, the more likely they will be to pass each stage of the certification with minimal remediation required. By providing advance guidance, the DoD can set companies up for success and make the process go more smoothly for everyone involved.
Technical jargon is another element that unnecessarily complicates the compliance process. Replacing technical jargon with natural language might clarify some of the requirements. Adjustments are still occurring, and this sometimes involves moving security controls from higher to lower levels of CMMC compliance. This makes suppliers scramble under tight time constraints while preparing for an audit.
When Is the Deadline?
The CMMC guidelines are expected to come out in 2020. Thus, the certification process should start sometime in 2020 or 2021. If you are a DoD contractor in Virginia Beach, contact HRCT today for CMMC prep assistance.