Cybersecurity Alert: Suppliers Don’t Get Locked out of Government Contracts
Recently, a member from Women in Tech NJ & NY shared a new cybersecurity requirement for government contractors, which may impact suppliers in our community. The Cybersecurity Maturity Model Certification (CMMC) framework will be a requirement for some companies to bid on a Department of Defense (DoD) contract. The CMMC Accreditation Body (CMMC-AB) establishes and oversees a qualified, trained, and high-fidelity community of assessors that can deliver consistent and informative assessments to participating organizations against a defined set of controls/best practices within the CMMC program. According to the CMMC-AB (www.cmmc-ab.org), the goal is to prevent sensitive data from being stolen by adversaries from the 300,000 DoD contractors and subcontractors. The two key types of information DoD wants to protect are Controlled but Unclassified Information (“CUI”) and Federal Contract Information (“FCI”). The main concerns of DoD include a) theft and use of this information against the national security interests of the United States and b) theft of intellectual property that results in an estimated $600 billion loss to the U.S. economy.
How did we get here?
A cybersecurity risk management function within an organization is vital to safeguarding customer data, minimizing remediation costs, and protecting a company’s critical infrastructure systems. The National Institute of Standards and Technology (NIST) developed Framework Version 1.0 under Executive Order (EO) 13636, “Improving Critical Infrastructure Cybersecurity” (February 2013), which provided much needed guidance. The framework used a common language to address and manage cybersecurity risk in a cost-effective way based on business and organizational needs without placing additional regulatory requirements on businesses. To better address these risks, the Cybersecurity Enhancement Act of 2014 (CEA) updated the role of the NIST to include identifying and developing cybersecurity risk frameworks for voluntary use by critical infrastructure owners and operators, resulting in Version 1.1. The structure of the framework is categorized by five core functions; Identify, Protect, Detect, Respond, Recover, and 23 additional sub-categories as a foundation to cybersecurity risk management.
CMMC Framework Overview
Cybersecurity Maturity Model Certification (CMMC) framework consists of maturity processes and cybersecurity best practices from multiple cybersecurity standards, frameworks, and other references, as well as inputs from the Defense Industrial Base sector (DIB) and Department of Defense (DoD) stakeholders. The DIB sector consists of over 300,000 companies. The CMMC framework measures cybersecurity maturity with 5 Levels, 17 Domains, 43 Capabilities, and 171 Practices. It has been determined that by 2025 all DoD Suppliers need CMMC-AB Certification, which allows the organization to bid on DoD contracts up to the identified maturity level. In order to change status from Supplier to a CMMC Certified Supplier the CMMC-AB Assessment must be conducted by a Third-Party Assessor Organization and Certified Assessors. The CMMC-AB Certificate is valid for 3 years.
Next Steps
The CMMC initiative is still under development and there are currently no Third-Party Organizations that can officially grant an CMMC certification, however, it is still important to prepare for an upcoming cybersecurity audit. During this COVID-19 era, Suppliers can start working toward compliance by reviewing the National Institute of Standards and Technology Special Publication 800-171 controls in preparation for the upcoming release of CMMC. Contacting a cybersecurity risk management advisor for a pre-assessment is key to understanding deadlines and remediation requirements. Keep in mind that acquiring a Third-Party Assessor in the future may require external funding sources to cover the cost as well as cybersecurity insurance.
About Cathy C. Smith
Cathy C. Smith, CEO of Chameleon Consulting, is a Digital Business Transformation Advisor, Author, and Founder of Women in Tech NJ & NY. She advises Executives, Board of Directors, Management Consulting Firms, and Professionals on cybersecurity risk management strategies to thrive in the digital economy. She shares best practices in her published book titled “How to Become a Digital Leader: A Roadmap to Success.” She invites readers to follow her on Twitter at @CathyCSmith and visit her website at www.chameleonconsultingllc.com.
I am so grateful for your blog. Really thank you! Much obliged. Juliane Onfre Boote
Thanks for sharing, this is a fantastic blog. Much thanks again. Awesome. Corry Morrie Ludovick
I do not even understand how I stopped up right here, however I thought this put up used to be good. Vittoria Javier Muhammad
Great article. I will be dealing with many of these issues as well.. Cthrine Davis Geer
The cleansing firm accomplishes cleaning of areas of numerous dimensions and also configurations. Myrna Waylin Conrad
Good post! We will be linking to this particularly great article on our site. Keep up the good writing. Atlante Peterus Sadoc
I have read so many articles on the topic of the blogger lovers but this post is genuinely a pleasant post, keep it up. Brittne Ransell Bum
Yessssssssssss. Undeniable Awesome food. Definitely worth trying. Caryn Skip Proud
I like it when individuals come together and share views. Barbette Bernie Sidonie
This piece of writing provides clear idea designed for the new visitors of blogging, that genuinely how to do blogging and site-building. Natka Tristan Johm
Some truly nice and utilitarian information on this site, besides I believe the pattern has got great features. Codi Grant Nealy
Simply wanna remark that you have a very decent site, I enjoy the layout it really stands out. Tabina Normie Adon
I have recently started a website, the info you provide on this website has helped me tremendously. Thanks for all of your time & work. Nicolette Koenraad Jara
If you would like to increase your knowledge simply keep visiting this web site and be updated with the most up-to-date news update posted here. Hetti Irwinn Glenna
I quite like looking through a post that will make men and women think. Also, thanks for permitting me to comment. Jami Russ Anabella
I truly appreciate this blog article. Really thank you! Fantastic. Livia Bartholemy Vivyanne
Some truly wonderful articles on this site, appreciate it for contribution. “A liar should have a good memory.” by Quintilian. Corinne Pincus Drolet
Simply wanna admit that this is extremely helpful, Thanks for taking your time to write this. Lissie Adelbert Romelle
Nice piece of info! May I reference part of this on my blog if I post a backlink to this webpage? Thx. Irene Oliviero Sopher
This is my first time go to see at here and i am in fact pleassant to read all at one place. Deeanne Bevan Vincenty
Awesome! Its in fact remarkable paragraph, I have got much clear idea regarding from this article. Emelia Frederik Ishmul
I constantly spent my half an hour to read this weblog’s articles
or reviews every day along with a mug of coffee.
Hello this is kinda of off topic but I was wanting to know if blogs use WYSIWYG editors or if you have
to manually code with HTML. I’m starting a blog soon but have no coding
skills so I wanted to get guidance from someone with experience.
Any help would be greatly appreciated!
Greetings:
I would suggest you engage with a webmaster.
Great post. I used to be checking continuously this weblog and I am impressed!
Very helpful information specially the final part 🙂 I handle such info much.
I used to be looking for this certain information for
a long time. Thanks and good luck.
Thank you for putting things together. I have found your site the easiest place to find things to do. Bless you! Lizbeth Brien Filomena
After all, we should remember compellingly reintermediate mission-critical potentialities whereas cross functional scenarios. Phosfluorescently re-engineer distributed processes without standardized supply chains. Quickly initiate efficient initiatives without wireless web services. Interactively underwhelm turnkey initiatives before high-payoff relationships. Holisticly restore superior interfaces before flexible technology. Lacey Abram Plumbo
Hi there to every one, the contents existing at this site are genuinely awesome for people knowledge, well, keep up the good work fellows.| Reta Korey Frum
Great delivery. Outstanding arguments. Keep up the amazing effort.| Allegra Land Teplitz
I intend to get even more followers by sending my photos to blogs. Like when people click with, they will connect to my blog. Tallie Demetrius Lawson
Hello, after reading this awesome post i am as well cheerful to share my experience here with colleagues. Charlean Garvin Germano
Great delivery. Solid arguments. Keep up the amazing effort.
Also visit my web-site: best CBD oil for anxiety
I really like your blog.. very nice colors & theme.
Did you create this website yourself or did you hire someone to do it for you?
Plz respond as I’m looking to design my own blog
and would like to find out where u got this
from. thank you
Write more, thats all I have to say. Literally, it seems as though you relied on the
video to make your point. You obviously know what youre talking about, why throw away your intelligence
on just posting videos to your site when you could be giving
us something enlightening to read?
Simply wish to say your article is as astonishing.
The clearness in your post is simply cool and i can assume you are
an expert on this subject. Fine with your permission let me to grab your feed
to keep up to date with forthcoming post.
Thanks a million and please keep up the gratifying work.
Hey there! I’m at work surfing around your blog from my new
iphone 4! Just wanted to say I love reading through your blog and look forward to all your posts!
Keep up the fantastic work!
I have read so many articles regarding the blogger lovers but this article is truly a nice post, keep it up.
It’s awesome designed for me to have a web page,
which is helpful in support of my know-how. thanks
admin
Actually no matter if someone doesn’t be aware of afterward its up to other people that they will assist, so here it happens.
Hi, just wanted to mention, I loved this article.
It was funny. Keep on posting!
Great post. I was checking constantly this weblog and I am inspired!
Extremely helpful information specially the final phase 🙂
I maintain such information a lot. I used to be seeking
this particular information for a long time. Thanks and best of luck.
Feel free to visit my web blog – CBD for dogs