Monday, December 7, 2020

What Is the Difference Between CMMC and DFARS?

To be DFARS compliant, organizations must pass an assessment based on NIST 800-171. NIST 800-171 supplies clear guidelines on best practices for information security. Its primary goal is to protect the confidentiality of controlled unclassified information (CUI) and reduce the risk of data breaches. NIST 800-171 underpins standards like DFARS and the CMMC.

CMMC is the DoD’s next step in protecting national security data and networks from cyberattacks. CMMC shares the same goals as DFARS but reevaluates how the government categorizes vendors’ cybersecurity posture. CMMC builds on DFARS by clarifying the security controls and adding further requirements for compliance. The model ranks the maturity of a vendor’s cybersecurity program from “Basic Cybersecurity Hygiene” to “Advanced” based on its data protection efforts. Achieving a higher CMMC level improves a contractor’s ability to protect CUI and guard against adversary attacks. Unlike DFARS, CMMC requires assessments to be conducted by third-party assessment organizations rather than by self-attestation.

The CMMC model is continually being updated. You can find the latest version here:

https://www.acq.osd.mil/cmmc/draft.html

At Alpine Security, we include a baseline assessment and a bi-annual CMMC audit in our CISO-as-a-Service program. We evaluate a vendor’s practices and processes against the cybersecurity controls required by NIST 800-171. Following the initial assessment, we prepare a “Cybersecurity Roadmap” outlining the steps needed to reach the desired CMMC level.
