Step 1: Understanding Cybersecurity Maturity Model Certification (CMMC)

The conversation around cybersecurity has become increasingly important for the DoD as it faces an ever-growing need for proactive security regulations with its industry partners. CMMC was designed to give the DoD increased assurance that controlled unclassified information (CUI) is protected. This new standard will undoubtedly change how defense contracts are awarded, especially for contractors that fail to meet the new requirements.

So how do you guarantee you won’t miss the mark? The key is in your preparation.

Each quarter we host an education program centered around cybersecurity for our members. This month, joined by Senior IT Advisor at Advisicon Kevin Schmitt, we discussed the upcoming Cybersecurity Maturity Model Certification (CMMC), specifically how to address the gaps in your processes that could prevent you from meeting these requirements.

Step 2: Build a security baseline.

You need to know how your company's security processes are performing today in order to find the gaps. You can do this manually or leverage a tool like Microsoft 365 Compliance Manager, which helps you manage your organization's compliance requirements with a customized assessment tool.

In order to build a security baseline, you first need to understand the different CMMC maturity levels and which level is required of you. These levels are:

  1. Basic cyber hygiene: basic safeguarding; comply with FAR
  2. Intermediate cyber hygiene: a transition step before protecting CUI
  3. Good cyber hygiene: required for those subject to DFARS
  4. Proactive: demonstrate a substantial and proactive cybersecurity program
  5. Advanced/progressive: demonstrate a proven ability to optimize capabilities to repel advanced persistent threats

Step 3: Develop a plan for your security gaps.

If you’re using Microsoft 365 Compliance Manager, the initial assessment will give you an overview of how much your company has already done and how much is left to do. After that, you can go to the “your improvement actions” tab to see which actions will improve your security score. The remaining steps are to execute the plan, adapt to the changes, and review and maintain compliance. In order to stay compliant, you need to keep up with these requirements as they change and evolve.

Pathways to Compliance – An NSTXL Member Program

Navigating cybersecurity directives can be overwhelming, especially for those who are new to working with the DoD. To minimize the impact of these directives, NSTXL has created 3 Pathways to Compliance for members who are embarking on their CMMC journey. Visit your membership portal to take advantage of exclusive discounted partnerships with companies like Advisicon that can help you meet CMMC requirements, and to explore our other pathways.

Not a member? Learn more about NSTXL and apply here. For more information about how to identify and resolve your CMMC gaps, watch our quarterly cybersecurity education program with Kevin Schmitt.