The core of CMMC is still DFARS 252.204.7012

CMMC is being driven forward by the US DoD as the standard for cyber security oversight and assurance across its Defence Industrial Base (DIB). Between 300,000 and 350,000 companies in the supply chain, ranging from SMEs up to large corporates, will be impacted by the programme. 5 levels of maturity certification have been defined, based on whether a company holds FCI or CUI data. Companies processing FCI data will have to comply with up to 72 cybersecurity practices. Those processing CUI will be assessed at level 3 or above and required to comply with up to 171 cybersecurity practices, as defined by NIST 800-171 r2.

The programme will ultimately create the standard for cyber security compliance against NIST across the DIB. Whilst CMMC defines the references for good cyber security controls, the challenge for companies big and small will be how to comply and maintain compliance. The challenge for those delivering oversight will be how to assess and accredit those companies.

Article from: Security Boulevard, 05.2020

About CMMC Europe

An experienced cyber security professional with 20 years' experience as CISO and global head of cyber risk, advising boards in Engineering and Manufacturing, Publishing and Media, and Financial Services on meeting and maintaining cyber risk management and regulatory compliance.
