
What is the Cybersecurity Maturity Model Certification (CMMC) v1.02 & NIST SP 800-171 rev2 Compliance | ComTec Solutions


We have been fielding a lot of questions regarding NIST SP 800-171 compliance and the DoD’s new Cybersecurity Maturity Model Certification (CMMC) assessment program. The DFARS interim rule published on September 29, 2020 added DFARS 252.204-7021, which requires a contractor to hold a current CMMC certificate at the level specified in the contract. It sits alongside the existing DFARS 252.204-7012, which already requires contractors that handle covered defense information to implement NIST SP 800-171. The rule phases CMMC in, so that by 2025 all DoD suppliers will be required to hold a CMMC certification.

Cyber threats and attacks are increasingly targeting contractors that support the Department of Defense (DoD). Stolen data in this sector increases the risk to national security. As such, the DoD is working with contractors to increase the protection of information within the sector’s supply chain. This includes the development of the CMMC framework.

Because CMMC compliance requirements are still evolving, there are many questions about it. The team at ComTec Solutions is here to help your business navigate and implement CMMC and NIST SP 800-171 compliance as easily as possible.

What is CMMC?

CMMC is the DoD’s certification program for verifying that every company in its supply chain, including subcontractors and equipment manufacturers that never deliver directly to the DoD, has implemented cybersecurity practices appropriate to the information it handles, with NIST SP 800-171 as the core of those practices. Where DFARS 252.204-7012 relies on contractor self-attestation, CMMC has organizations in the defense industrial base (DIB) assessed by an accredited independent third party, so that the DoD can verify defenses are actually maintained against an ever-changing threat landscape rather than merely claimed. The level a contract requires depends on the sensitivity of the information the contractor will handle (Federal Contract Information versus CUI), and requirements are arranged in five maturity levels, ML 1 through ML 5. Each level adds practices: Level 1 covers basic safeguarding of Federal Contract Information, Level 3 covers all 110 NIST SP 800-171 requirements plus additional practices, and Levels 4 and 5 go beyond NIST SP 800-171.

What is the focus of NIST SP 800-171?

NIST SP 800-171 (Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations) is written for contractors rather than federal agencies: it specifies 110 security requirements, grouped into 14 families, for protecting CUI wherever it is stored, processed or transmitted in a contractor’s systems, giving organizations a standardized way to handle CUI. Our NIST SP 800-171 remediation products and services are designed to scale with the size of your organization. Because its requirements (access control, audit logging, incident response, cryptographic protection of CUI, and so on) overlap heavily with other data-protection regimes, implementing NIST SP 800-171 also advances compliance with the SHIELD Act, LGPD, GDPR, CCPA, GLBA, PIPEDA, HIPAA, PCI DSS and 23 NYCRR 500.

At ComTec Solutions, we understand each organization’s cybersecurity resources, capabilities, and needs are different. We will help you control costs while we work to improve your security. We begin this process with a gap assessment against NIST SP 800-171 to determine what changes you need to make. If you would like to learn more, please fill out the form below and someone from our team will reach out to you shortly. You can also contact us at 585-621-9303.