CMMC: Another Check in the Box or a Whole New Mindset
The Department of Defense’s (DoD) plan to instill a security mindset with its contractors is gaining traction. Gone are the days when cybersecurity was dealt with by ensuring all of your employees attend security training. Gone are the days when changing email passwords every couple of weeks was enough. The recent intrusions and penetrations into government and commercial entities’ data systems prove vulnerabilities exist and that a higher network security standard is required for the government community and its contractors.
In the case of the DoD, there exists a Defense Industrial Base (DIB) of over 300,000 Defense Contractors. As Department of Homeland Security (DHS) and General Services Administration (GSA) begin to take steps following the DoD’s lead with the Cybersecurity Maturity Model Certification (CMMC), the number of contractors potentially affected could grow significantly. It’s not too late to pivot, but changing an organization’s mindset doesn’t happen overnight. It requires planning and action to get your IT house in order.
While there is currently no certified organization to perform a CMMC Audit on your system from start to finish, make sure to follow the CMMCAB.org Marketplace to spot when the first organizations are cleared to do so.