With the release of the Cybersecurity Maturity Model Certification, the time for systems integrators and other contractors to evade compliance with cybersecurity mandates has finally run out.
The CMMC expands cybersecurity requirements to contractors and their supply chains.
On Jan. 30, the U.S Department of Defense (DoD) released the first iteration of the Cybersecurity Maturity Model Certification (CMMC) framework, which requires DoD contractors and subcontractors to obtain third-party certification of their cybersecurity maturity.
The DoD, Department of Homeland Security (DHS), the National Security Agency (NSA) and NIST have struggled for years to protect the supply chain, as well as threats from nation state and domestic attackers that continue to gain adversarial power against U.S. cybersecurity defenses.
Now, under the recent release of the CMMC, the time for systems integrators and other contractors to evade compliance with cybersecurity mandates has finally run out.
Security integrators that previously absconded their ability to address cybersecurity controls within their product catalog in the past now have to establish compliance with a federal standard that finally has teeth.
Under the regulation, if integrators provide services to the DoD, their organization can no longer assert that they have required security baseline controls in place using self-attestation or self-certification.
Beginning in June, the U.S. government and the DoD will select qualified, highly skilled cybersecurity auditing firms and professionals under a new program using the CMMC. The CMMC ranks organizational cybersecurity under a set of standards that are in-place on a rating ..
Support the originator by clicking the read the rest link below.
