Marti Arvin and Anthony Buenger on the CMMC Framework

Society of Corporate Compliance and Ethics (SCCE)
Contact
America’s data is under attack. Solar Winds and other recent headline-grabbing stories have demonstrated that foreign adversaries are eager to hack into computer systems for a wide range of purposes.

The US Department of Defense has had its supply chain hit hard, and to help protect both the chain and the nation’s assets has pursued the Cybersecurity Maturity Model Certification (CMMC), with a multi-level approach requiring outside certification, not the self-certification as in the past. Although only See more +

America’s data is under attack. Solar Winds and other recent headline-grabbing stories have demonstrated that foreign adversaries are eager to hack into computer systems for a wide range of purposes.

The US Department of Defense has had its supply chain hit hard, and to help protect both the chain and the nation’s assets has pursued the Cybersecurity Maturity Model Certification (CMMC), with a multi-level approach requiring outside certification, not the self-certification as in the past. Although only for defense contractors, it is a model worth watching since it may eventually expand, in one form or another, to additional areas of government contracting.

In this podcast Tony Buenger, Cyber Security Consultant and Instructor, and Marti Arvin, Executive Advisor, both of CynergisTek explain some of the complexities of CMMC and its many levels. Level 1 covers basic hygiene and is primarily focused on technical security controls. Level 3 is a certification that requires maturity in terms of documented policies and procedures that have been institutionalized. Level 5, the highest level, is focused on persistent threats.

Notably CMMC focuses not just on technology, but also on processes and people, even looking to ensure that the process are built into the organization’s governance. As a result, it’s not a standard for just the CISO or CIO to handle. CMMC is a commitment that needs to be institutionalized, takes time, and requires both trust and ongoing verification.

In sum, it very much requires the maturity that is a part of its name.

Listen in to learn more about CMMC and what your organization needs to do now, and possibly in the future. See less -

Embed
Copy

Written by:

Society of Corporate Compliance and Ethics (SCCE)
Contact
more
less

Society of Corporate Compliance and Ethics (SCCE) on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.