
What does CMMC really mean for SMEs?

As a small business, you have a specialty, and then there are many functions that you lack the staff or bandwidth to give sufficient consideration. That's certainly true of payroll, accounting, HR and other concerns. Next, consider the importance of your records and how you keep and protect your documents and policies. The security of your organization's data and your clients' data is essential to your survival. A single data breach can close your doors, ruin your reputation, and bring enormous fines. More than ever, companies can't afford to ignore the implications of poor data management and security.

What that means and why

The recently introduced Cybersecurity Maturity Model Certification (CMMC) initiative builds on the Pentagon's existing DFARS 252.204-7012 regulations, which require contractors to at least "self-certify" that they have implemented appropriate security practices, by independently verifying that appropriate controls are in place to protect government data before doing business. This essentially enhances the readiness of the defense industrial base.

Translation: If you currently work for the DoD, or plan to in the future, you will need good digital hygiene, whatever the work, from mowing to handling cargo.

The CMMC initiative has updated its requirements in response to the rise in cyberattacks. The interim rule, which will come into effect on November 30, states that “DoD has an urgent need to immediately assess where vulnerabilities exist in the supply chain and take steps to correct such deficiencies.”

The Defense Federal Acquisition Regulation Supplement (DFARS) rules require defense contractors to implement certain data security modifications through the Department of Defense's basic evaluation process. The evaluation is submitted to the supplier risk management system. In addition, defense industry contractors need to be certified under the CMMC framework, which evaluates security processes and practices. These evaluations are now performed by CMMC third-party evaluation bodies rather than through self-certification.

What should SMEs do?

What that means for small businesses is that they need to start the process of getting CMMC certification. By starting now and spending in stages, SMBs can use fixed-price advisory services that guide clients through the process in stages.

No matter where you look, CMMC service providers are pitching their products. It’s starting to look like a bakery section. What should I consider when looking for an advisor to support my organization with this certification?

  1. Go with an organization that has a proven track record of cybersecurity advisory services and staff who are actually tracking CMMC. The challenge is that it will continue to evolve, and the agenda proposed in July may not always be the same in November.
  2. Get a fixed-price option for CMMC advice. What roles and services does the team offer? An initial assessment should be done for a small fee in order to understand the level of business and work within DoD and the type of data processed. Estimates depend on the work and the risk.
  3. Do not sign with anyone without getting at least two quotes. It’s worth the time to do a reference check, or at least compare prices.

The reason for these enhanced security measures for CMMC is simple. If you work for the Department of Defense, you may store some form of information that could be exploited as a vulnerability in the government's defenses. To strengthen our defenses, CMMC requires that all vendors working for the Department of Defense be responsible for their data and how it is managed. According to Verizon's 2020 Data Breach Investigations Report, SMEs account for 58% of data breaches. It is not really a question of when; attempts to leak data are already occurring.

There is no better time for companies to evaluate their business cyber roadmap and start developing risk management protocols. In the face of national transition, the process of meeting new requirements is collaborative.

The resources, tools, and expertise in the area of interest are plentiful and accessible within the federal ecosystem. This is not only the cost of doing business, but also our responsibility as citizens. We are all on the same path of continuously ensuring data security, business compliance, and addressing the impact of cyber threats. Working with trusted advisors, SMEs can manage CMMC and continue to work for the Pentagon.

Les Buday is a member of HumanTouch, LLC’s CMMC Advisory Board and director of cybersecurity in Tysons, Virginia.


