Government Technology Insider

Adjusting Amidst CMMC 2.0 Uncertainty

by Ben Scully
October 14, 2022
in Contributed Articles

If you’re a Department of Defense (DoD) contractor, the Cybersecurity Maturity Model Certification (CMMC) has undoubtedly been on your mind. It’s no longer a matter of if the regulations go into effect, but rather when. That means companies are also realizing how time-intensive the compliance process is. 

The CMMC Assessment Process (CAP) will determine whether an organization has the proper cybersecurity protocols in place, and this certification will be required for securing future government contracts. A recent pre-decisional draft of the CAP would have far-reaching implications. Critics of the document cited a lack of quality control, clarity, and meaningful information. 

Despite the uncertainty, CMMC 2.0 compliance is expected to be mandatory for all Department of Defense contractors by March 2023. After that, you may risk losing out on contracts if found noncompliant — or worse. In a world where 93 percent of company networks are vulnerable to cybercriminals, we must not think of compliance as a roadblock or an unnecessary financial burden. It’s a matter of national security. As the defense industry grapples with more sophisticated attacks, CMMC compliance is essential to help contractors safeguard their organization, protect the sensitive information they possess, and bolster our national security. 

Ready to take action? Here are four takeaways from the most recent CAP Guide to help prepare for compliance amidst uncertainty. 

1. Choose Your Vendors Wisely 

Achieving compliance is all about mitigating risk. Before you begin the assessment process, take stock of your vendor list, including your MSP. The CAP Guide indicates that contractors will have to report any third-party personnel, procedures, or technologies relied upon in performing their DoD contracts. While the language remains a bit ambiguous, it would be wise to ensure that any outside organization with access to your network is also on track to becoming CMMC compliant. Consider this a trickle-down security strategy. If your relevant vendors aren’t interested in or capable of keeping up with the ever-evolving DoD landscape, it may be time to look elsewhere.

2. Choose the Right Assessor 

Self-assessments will not be an option. When it’s time to assess, confirm the authorization and standing status of your assessment organization. The CAP Guide outlines that “CMMC level 2 assessments will be conducted by CMMC Third-Party Assessment Organizations (C3PAOs),” which contractors can find on the AB’s online marketplace. The CyberAB will only accept assessments from authorized C3PAOs that are in good standing, so it’s crucial that you verify this. 

3. Take a Holistic Approach 

Building a network enclave to meet compliance can be tempting. The CAP Guide indicates that only the parts of the organization “that are performing DoD contracts and have access to the CUI need to be assessed.” As such, I’ve talked to a few companies that were considering the enclave approach — until they realized the inevitable scope creep this creates. 

You end up managing multiple infrastructures with higher costs in the long run, along with exposed vulnerabilities outside the enclave. If you are a DoD contractor, I strongly recommend taking a holistic, all-encompassing approach that layers security throughout your entire IT infrastructure. 

4. Start Immediately 

If you haven’t already, now is the right time to start the CMMC compliance process. While the Defense Industrial Base is still awaiting the final CMMC rules from DoD, contractors who know they will need a CMMC level 2 certification can begin taking steps forward. 

If you are prepared for these regulations ahead of time, you will be in good standing to compete for DoD contracts once the new rules have been implemented next spring. Investing in a compliant infrastructure now is a de-risking strategy to remain competitive in the future. 

 

Ben Scully
Ben Scully is the president of Avatara, a St. Louis, Missouri-based company founded in 2005 that aims to help organizations solve complex, long-standing issues within their IT infrastructures.
Tags: CMMC, CMMC 2.0, Contributed Content, Cybersecurity Maturity Model, Department of Defense
