Photo by Braden Collum on Unsplash

Understanding Cybersecurity Maturity Model Certification

Ready, Steady, …

Article from ADMIN 72/2022
United States Cybersecurity Maturity Model Certification will be required by mid-2023 to handle controlled unclassified information and win federal contracts, but it can also help minimize business risk and keep information out of the hands of adversaries.

The US Department of Defense (DoD or the Department) created the Cybersecurity Maturity Model Certification (CMMC) program to add a comprehensive and scalable certification process to verify the implementation of industry practices that achieve a cybersecurity maturity level. CMMC is designed to provide assurance to departments and agencies that the defense industrial base (DIB) contractor can adequately protect sensitive unclassified information such as federal contract information and controlled unclassified information (CUI). The US government is concerned with ensuring that the data and information their contractors receive is stored and used safely. This government-furnished information is more commonly known as GFI.

Of great concern is the potential that government-furnished information will escape into the wild. The US government wants to protect itself and its citizens against the theft of intellectual property and the sensitive information of US industrial sectors from malicious cyber activity. The aggregate loss of intellectual property and certain unclassified information from the DoD supply chain can threaten US economic and national security by undercutting technical advantages and innovation and significantly increasing risk to national security.

To address these concerns, the DoD issued an interim rule [1] in September 2020 intended to create a DoD assessment methodology and CMMC framework for assessing a contractor's cybersecurity posture. Through the interim rule, the US government seeks to understand which requirements and business practices contractors have adopted to protect their unclassified information systems, and the data housed on those systems, from a threat actor.

The US currently requires DoD contractors to include Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012 [2] in
