Cybersecurity Maturity Model Certification

An Introduction to the CMMC and who it applies to.

 

Hello. I’m Thomas Coke, Chief Strategy Officer of BitLyft Cybersecurity. This is the first of a series I’ll be posting, and to begin I’m going to spend some time talking about the new CMMC. You may have read a bit about this or you may have leapt feet first into assessing where you stand, but if you do business with the Department of Defense you’ll have to address this in the coming years.

What is the CMMC?

The CMMC, or Cybersecurity Maturity Model Certification, is a certification procedure developed by the Department of Defense to certify that contractors working with the department have the necessary controls to protect sensitive data. Specifically, this data is called Controlled Unclassified Information, or CUI. As part of our first blog on this topic, we’ll be providing some definitions and information on what CUI is, why it’s important, and how it’s used.

What do I need to know about CMMC?

There are seventeen (17) specific domains within the certification, leading to five (5) levels ranging from basic hygiene to state-of-the-art security. Most of those I’ve spoken with anticipate being within Level III. We’ll be posting about what those levels mean and what it will take to be in each level in the near future.

While the CMMC is based upon the NIST standards already in place and DFARS, it does differ in one key way: there is no self-certification. In other words, you will be required to obtain certification through a third-party assessment organization, or 3PAO. The first of these will come online in May of 2020. Another thing to bear in mind is that certification and compliance do not mean security, just that you have appropriate measures in place.

Moving forward

In our next blog and video, we’ll dive deeper into specific topics relating to the CMMC. We will also be keeping up on any important changes. For now, the first posts will be on what the CMMC is (in more depth). Additionally, we will talk about what you’ll have to do now, and what you’ll have to do in the future. With each blog post we’ll be shooting some short videos.

Thanks for reading. Remember, this is the first in a series, and I hope you’ll come back for the rest. Connect with me on LinkedIn to see them when they post. In the meantime check us out at BitLyft.com or on our LinkedIn page. If you’d like to connect directly my email is tom.coke@bitlyft.com. Have a great day!
