- June 9, 2021
- Posted by: Rich Pepe
- Categories: Cloud Computing, Data Governance
Cybersecurity – CMMC Compliance and History
With all the reports coming out about companies being compromised by cybersecurity attacks, you almost long for the days when bad weather was the lead story. Let’s face it, the world has changed, and cybersecurity threats are only getting more frequent, and sophisticated. That is one of the reasons the Federal Government is implementing the Cybersecurity Maturity Model Certification (CMMC) for all its contractors. Gone are the days when a contractor can self-attest and say they are “working towards” certification, and CMMC is much more comprehensive than the Defense Federal Acquisition Regulation Supplement (DFARS).
So maybe you don’t know much about CMMC or cybersecurity. Sometimes its good to pause and look back, so we can learn and improve. Here’s a quick recap of how our nation’s cybersecurity posture has developed. If you want a more in-depth history lesson, you can invest an hour of your time and watch this great video from Jacob Horne https://www.youtube.com/watch?v=jbY2irZ1ePg
Here is the short version:
In response to 9/11 the Homeland Security Act was passed in November 2002. Two years later The Intelligence Reform & Terrorism Prevention Act was passed, all these to address our nation’s limitations to share information that was confidential, sensitive, classified, unclassified, etc. to prevent another 9/11 type incident. Over the years following, Presidential Memorandums were used to develop a better cybersecurity posture. In November 2010 Executive Order 13566 was enacted, bringing together all the work of the previous years, and developing the Controlled Unclassified Information (CUI) program we have today, applying it to the entirety of the government’s contracting base and establishing guidelines for protecting CUI on systems outside the government’s control. After years of clearing red tape, all necessary but tedious, in November of 2016 the “Final Rule” is implemented to protect CUI across the spectrum of governmental procurement environment. In the beginning, self-attestation was allowed, and certification was not required- until it became obvious that our data was still being compromised and risking our national security. Finally, CMMC was born.
After nearly 20 years of legislation and various program iterations, The US Department of Defense has implemented the Cybersecurity Maturation Model Certification (CMMC) for all government vendors to help protect information within the government supply chain.
If you are a DoD or government contractor/sub-contractor I strongly encourage you to watch Jacob Horne’s video, so you know why the investment of your resources to become CMMC compliant is so important. Not just so you can do business with the government, but for our national security.
It is well known that the cost of implementing CMMC is considerable. PARC, along with our partners at Avatara, can help you achieve CMMC compliance, oftentimes with significant cost savings, by using our CompleteCloud platform. Check out Avatara’s blog about how they helped one of their clients reach CMMC compliance for their IT platform https://avataracloud.com/completecloud-vs-gcc-high/
We are here to help answer questions and enable you to decide the best course of action for your firm. Let’s talk…