This article outlines the mandatory requirements for the Cybersecurity Maturity Model Certification (CMMC) that defense and government contractors must understand to remain compliant. It highlights the importance of cybersecurity practices and how adherence to these requirements can enhance security and trust within the defense supply chain.
A note for Defense and Government contractors: Do you understand the mandatory requirements for CMMC? www.3hti.com
Hundreds of thousands of companies need to be CMMC compliant. If you are not sure about your client or third-party compliance standards, you could be behind. If you are a contractor or subcontractor working on projects or products for the Department of Defense (DoD) or the federal government, you will need to complete your Cybersecurity Maturity Model Certification (aka CMMC). Companies that do not participate in the CMMC program are subject to financial penalties when audited.
What is CMMC? The US Department of Defense (DoD) has implemented security protection requirements for contractors and subcontractors to keep sensitive unclassified information and data from falling into the wrong hands. The Defense Industrial Base (DIB) is the target of more frequent and increasingly complex cyberattacks. To protect American ingenuity and national security information, the DoD developed the Cybersecurity Maturity Model Certification (CMMC) program to reinforce the importance of DIB cybersecurity for safeguarding the information that supports and enables our warfighters.
Why do I need to participate in the CMMC program? The DoD currently requires covered defense contractors and subcontractors to implement the security protections outlined in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800–171 Rev 2 to provide adequate security for sensitive unclassified DoD information that is processed, stored, or transmitted on contractor information systems. They must also document their implementation status, including any plans of action for any NIST SP 800–171 Rev 2 requirement not yet implemented, in a System Security Plan (SSP). This will ensure defense contractors and subcontractors have implemented required security measures to expand application of existing security requirements.
This includes:
– Federal Contract Information (FCI)
– Adding new Controlled Unclassified Information (CUI) security requirements for certain priority programs.
The Department encourages contractors to continue to enhance their cybersecurity posture during the interim period while the rulemaking is underway. The Department has developed Project Spectrum to help DIB companies assess their cyber readiness and begin adopting sound cybersecurity practices. The information for this blog was taken from the website of the Chief Information Officer of the US Department of Defense – dodcio.defense.gov/cmmc
Company Bio: Do you have questions or comments? Let us know what's on your mind and how we can help. 3000 ATRIUM WAY #296, MT. LAUREL, NJ 08054. 866-624-3484