Government Technology Insider

Adjusting Amidst CMMC 2.0 Uncertainty

by Ben Scully
October 14, 2022
in Contributed Articles

If you’re a Department of Defense (DoD) contractor, the Cybersecurity Maturity Model Certification (CMMC) has undoubtedly been on your mind. It’s no longer a matter of if the regulations go into effect, but rather when. That means companies are also realizing how time-intensive the compliance process is. 

The CMMC Assessment Process (CAP) will determine whether an organization has the proper cybersecurity protocols in place, and this certification will be required for securing future government contracts. A recent pre-decisional draft of the CAP would have far-reaching implications. Critics of the document cited a lack of quality control, clarity, and meaningful information. 

Despite the uncertainty, CMMC 2.0 compliance is expected to be mandatory for all Department of Defense contractors by March 2023. After that, you may risk losing out on contracts if found noncompliant — or worse. In a world where 93 percent of company networks are vulnerable to cybercriminals, we must not think of compliance as a roadblock or an unnecessary financial burden. It’s a matter of national security. As the defense industry grapples with more sophisticated attacks, CMMC compliance is essential to help contractors safeguard their organization, protect the sensitive information they possess, and bolster our national security. 

Ready to take action? Here are four takeaways from the most recent CAP Guide to help prepare for compliance amidst uncertainty. 

1. Choose Your Vendors Wisely 

Achieving compliance is all about mitigating risk. Before you begin the assessment process, take stock of your vendor list, including your MSP. The CAP Guide indicates that contractors will have to report any third-party personnel, procedures, or technologies relied upon in performing their DoD contracts. While the language remains a bit ambiguous, it would be wise to ensure that any outside organization with access to your network is also on track to becoming CMMC compliant. Consider this a trickle-down security strategy. If your relevant vendors aren’t interested in or capable of keeping up with the ever-evolving DoD landscape, it may be time to look elsewhere.

2. Choose the Right Assessor 

Self-assessments will not be an option. When it’s time to assess, confirm that your assessment organization is authorized and in good standing. The CAP Guide states that “CMMC level 2 assessments will be conducted by CMMC Third-Party Assessment Organizations (C3PAOs),” which contractors can find on the AB’s online marketplace. The CyberAB will only accept assessments from authorized C3PAOs that are in good standing, so it’s crucial that you verify this.

3. Take a Holistic Approach 

Building a network enclave to meet compliance can be tempting. The CAP Guide indicates that only the parts of the organization “that are performing DoD contracts and have access to the CUI need to be assessed.” As such, I’ve talked to a few companies that were considering the enclave approach — until they realized the inevitable scope creep this creates. 

You end up managing multiple infrastructures with higher costs in the long run, along with exposed vulnerabilities outside the enclave. If you are a DoD contractor, I strongly recommend taking a holistic, all-encompassing approach that layers security throughout your entire IT infrastructure. 

4. Start Immediately 

If you haven’t already, now is the right time to start the CMMC compliance process. While the Defense Industrial Base is still awaiting the final CMMC rules from DoD, contractors who know they will need a CMMC level 2 certification can begin taking steps forward. 

If you are prepared for these regulations ahead of time, you will be in good standing to compete for DoD contracts once the new rules have been implemented next spring. Investing in a compliant infrastructure now is a de-risking strategy to remain competitive in the future. 

 

Ben Scully
Ben Scully is the president of Avatara, a St. Louis, Missouri-based company founded in 2005 that aims to help organizations solve complex, long-standing issues within their IT infrastructures.
Tags: CMMC, CMMC 2.0, Contributed Content, Cybersecurity Maturity Model, Department of Defense
