Posted by Mike Fitch on Oct 29, 2021
It’s Halloween 2021, which means it’s that time of year that you’ll see plenty of ghouls, goblins, jack-o-lanterns, trick-or-treaters, cybercriminals and the looming audits needed to meet CMMC requirements. Okay, maybe the majority of the public won’t need to worry about the last one, but it can definitely be a terrifying time for any organization or contractor who works with the US Department of Defense (DoD) that has yet to meet the appropriate level of CMMC certification. Not to mention, there’s no house more haunted than one that isn’t employing VPN, zero trust or antivirus software within its walls.
The Cybersecurity Maturity Model Certification, or CMMC, is a new set of security requirements for contractors working with the DoD so that Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) stays protected within the IT ecosystem. CMMC was announced in January 2020 and went into effect last November, replacing self-certification of NIST SP 800–171 compliance. The new CMMC requirements must fully be met for all new contractors by 2025.
In a previous post, we covered the five levels of certification for the CMMC requirement, as well as what it means for FED and SLED budgets in 2022. As a quick recap, here is each level of certification:
The DoD relies on its contractors, vendors and partners for critical IT projects, and sensitive data is often at the forefront of these assignments. The five levels of compliance will allow the DoD to assess a contractor’s ability to protect CUI and FCI on both a technical and non-technical scale. For most projects, companies will need to meet level 3 (Good Cyber Hygiene) to bid on DoD contracts. Certifications are valid for three years and are designed to understand and solve for the evolving threat landscape.
While it may seem less scary to watch The Ring at home, alone, with the lights off than to go through your CMMC audit and assessment, this process is critical for identifying and addressing any gaps that could interfere with attaining the different levels of CMMC compliance.
In short, DoD contractors that are unable to comply with CMMC will lose their DoD contract and will be unable to bid for future DoD contracts until the new guidelines are met.
While these threats of vulnerabilities are very real and more frequent than ever, there are ways that, collectively, we can mitigate risk. To start, passwords. Ensure all of your passwords are unique, impossible to guess and backed by multi-factor authentication (MFA). Email: Don’t open any emails that you have any suspicion of being fraudulent. Double and triple check the sender’s email address and don’t click any links or open any attachments unless you are completely certain that it’s safe. Lastly, as an organization, maintaining safe internet and cybersecurity practices needs to be part of the company culture, and it goes beyond those annual compliance training courses. In addition, it’s important to stay up-to-date on data privacy changes so that you can understand what personal data you’re sharing around the web.
At TD SYNNEX, our DLT (public sector) team can help you with your CMMC implementation and our Security Solutions team we can help also help mitigate vulnerabilities by helping you with VPN, antivirus software, device policies, zero trust and endpoint protection. Our industry-first Cyber Range can help you assess risks, identify threats and solve breaches through simulations within our interactive cyber playground.
Stay safe (both digitally and physically) and Happy Halloween!
