WHAT ARE THE DEPARTMENT OF DEFENSE (DOD) CYBERSECURITY STANDARDS?
CMMC 2.0 INTRODUCTION
To safeguard sensitive national security information, the Department of Defense (DoD) launched CMMC 2.0, a comprehensive framework to protect the defense industrial base’s sensitive unclassified information from frequent and increasingly complex cyberattacks. The streamlined requirements of CMMC 2.0 simplify compliance by allowing self-assessment for some requirements, apply priorities for protecting DoD information, and reinforce cooperation between the DoD and industry in addressing evolving cyber threats.
CMMC 2.0 KEY FEATURES
Tiered Model: CMMC requires that companies entrusted with national security information implement cybersecurity standards at progressively advanced levels, depending on the type and sensitivity of the information. The program also sets forth the process for requiring protection of information that is flowed down to subcontractors.
- Level 3: Expert – 110+ Practices based on NIST SP 800-171 and 800-172, government-led assessments.
- Level 2: Advanced – 110 Practices aligned with NIST SP 800-171, third-party assessments.
- Level 1: Foundational – 15 Practices, self-assessments.
*The vast majority of organizations will be required to meet L1 or L2 standards.
Assessment Requirement: CMMC assessments allow the Department to verify the implementation of clear cybersecurity standards.
Implementation through Contracts: Once CMMC is fully implemented, certain DoD contractors that handle sensitive unclassified DoD information will be required to achieve a particular CMMC level as a condition of contract award.
NEED ASSISTANCE WITH CMMC 2.0 ADOPTION?
CYBERCARE – COMPLIANCE AS A SERVICE OFFERING
Risetech Partners will provide guidance on the compliance requirement, if applicable, for existing or new contracts. Our team of experts will assist in the creation and implementation of a cybersecurity plan for your organization to meet that portion of your compliance requirement. Risetech Partners has purposely built our CyberCare Framework to eliminate the burden of researching and vetting required security services, to accelerate the implementation of these required security services, and to alleviate the ongoing management of these required security services. Risetech Partners will assist with the implementation and management of all CyberCare Framework services. In the event of a security breach, Risetech Partners' incident response team is available to provide remediation on demand. Contact us to learn more about Risetech Partners CyberCare!