CMMC is a complex topic that's facing security firms and government contractors around the company. While we are well into the implementation and deployment stages of the CMMC framework, many organizations are still wrapping their heads around requirements, upgrades and policies.
SecureStrux's Governance, Risk and Compliance Practice Lead, Tony Buenger, will be speaking today at 1:00pm Central Time at the California Polytechnic Institute, providing an overview of CMMC from contractors and security organizations' perspectives for an audit and/or certification.
What is CMMC?
The Cybersecurity Maturity Model Certification (CMMC) is a framework created to help the defense supply chain, agencies and contractors assess and demonstrate the maturity of their cybersecurity and compliance infrastructure. As part of this program, organizations must undergo audits from Certified Third-Party Assessment Organizations (C3PAOs) to determine an organization's maturity level and compliance with that level.
This compliance framework is critical for any organization handling Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). As it currently stands, you must achieve Level 1 maturity to handle FCI and Level 3 maturity to handle CUI.
Outside of these basics, CMMC draws on several federal regulations and cybersecurity documents and, at certain levels, can call for the capability for an organization to create data governance policies, field cybersecurity optimization plans and implement protection and response measures for Advanced Persistent Threats (APTs).
Tony will cover the path to CMMC certification, including topics like:
- Understanding the CMMC Model
- Identifying CMMC maturity levels
- Closing security gaps
- Using the CMMC-AB Marketplace to find a C3PAO
- Security Remediation
- Submitting results and applying for certification
This presentation will only be available to faculty, staff and students at Cal Poly, but we will incorporate Tony's insights into future discussions on this blog.
If you want to learn more about Tony's work or our CMMC and managed security services, then contact our support team today.