CMMC 2.0 Could Make Things Easier For Your Business
source link: https://bigdataanalyticsnews.com/cmmc-2-0-make-things-easier-for-business/
By now, you have a grasp on just how seriously the Department of Defense takes NIST compliance. Looking out for your firm’s cybersecurity is among your top responsibilities. While cybersecurity operations are an essential part of your operating procedures, the rapid pace of change can be difficult to keep up with. The DoD continues to update its expectations on cybersecurity standards for the Defense Industrial Base. You need to be sure that your organization is prepared to pivot.
The latest development in the DoD’s cybersecurity program is known as CMMC. The Cybersecurity Maturity Model Certification program has been the topic of discussion for quite some time and is poised to create a measure of accountability for DoD contractors. CMMC essentially fortifies the DFARS by creating an accreditation body to verify NIST compliance. This measure is designed to add an extra layer of protection beyond the usual self-assessments that contractors are expected to complete.
CMMC 2.0
Understandably, the implementation of an accreditation body was met with concern from many contractors. The original framework of CMMC made very few distinctions between contractors. It consisted of 5 maturity levels, and all contractors would be scored according to at least one of them. Many firms felt that this expectation was not equally distributed across the defense sector. In response, the Department of Defense moved to revise the original CMMC framework in a way that accounted for the varying types of business within the DIB. These revisions could actually make things easier for your business or organization.
Revisions Under CMMC 2.0
Under CMMC 2.0, there are three critical things to understand. First, there are no longer 5 maturity levels. The number has been revised down to three, and they are dictated by your company's relationship with Controlled Unclassified Information and High-Value Assets. Second, the DoD has relaxed its expectations surrounding the third-party accreditation body. This will no longer be required across the DIB. Instead, your obligation to submit to an audit will be determined by the maturity level you are required to comply with. Finally, CMMC 2.0 will allow more flexibility when it comes to bidding for contracts. Under the initial plan, non-compliance with CMMC would have made your firm ineligible to bid for contracts. Under this new plan, firms will retain their ability to bid under the condition that they submit a written plan to reach compliance for their systems.
CUI and HVA
CMMC 2.0 improves upon the original guidelines by making clear distinctions between contractors. Under CMMC 2.0, there are essentially three types of contractors: firms that handle CUI, firms that handle CUI and HVA, and firms that handle neither. When it comes to your compliance with CMMC, determining which of these applies to you is your first move. Contractors with no CUI or HVA obligation will be allowed to complete a yearly self-assessment. Firms that exclusively handle CUI will be allowed to self-assess assuming their CUI is not considered Critical National Security Information. In that instance, the firm will be audited every three years. Finally, companies that handle HVA will likely submit to an assessment overseen by the DoD rather than a third-party accreditation service.