The DoD is taking a data-centric approach to security where the focus is on CUI as it is stored, transmitted and processed throughout the entire lifecycle of the system, application or service in question. government perspective, it is ideally suited to protect any type of “sensitive” data from personal data to trade secrets. While NIST 800-171 exists to protect Controlled Unclassified Information (CUI) from a U.S. However, it is something that you should take time to educate yourself on since it is on its way to becoming the “gold standard” of cybersecurity certifications for businesses regardless of the industry. If you are not familiar with CMMC, you are not alone. Essentially, CMMC is the method the DoD will use to perform independent, third-party audits of companies that fall within scope for NIST 800-171 compliance. military relies upon based on possible access to sensitive data. Boeing, Raytheon, etc.) all the way down the supply chain to small IT providers, janitorial service companies and bookkeepers, since even these small subcontractors have the potential to negatively influence the security of weapons systems and support services that the U.S.
This company-level certification requirement impacts every business from the titans of the defense industry (e.g. The initial scope for compliance with CMMC is a conservatively-estimated 200,000 businesses that make up the U.S. Absurd? Unrealistic? Actually, it is a very pragmatic understanding of what is coming with the Cybersecurity Maturity Model Certification (CMMC) that the US Department of Defense (DoD) is rolling out just a few short weeks away (January 2020).
In the not-too-distant future, I can clearly see how ISO 27001, SOC 2 and other certifications could become a diminished, legacy activity, viewed as a rarity left over from marketing efforts to distinguish an organization’s security posture from its competition.
0 kommentar(er)
