Managing CMMC compliance with an MSSP

Modified on: January 2, 2020

Key Article Takeaways

  • The Cybersecurity Maturity Model Certification (CMMC) will become the new standard for verifying cybersecurity controls and processes across the defense supply chain. It is being implemented by the Department of Defense (DoD). 
  • Industry providers, including Managed Security Service Providers (MSSPs), will need to reach CMMC compliance by June 2020. The official requirements are expected to be released in their entirety in January 2020. 
  • The new cybersecurity requirements will appear in defense contract Requests for Information (RFIs) by June 2020. 
  • The CMMC program builds on existing standards, including ISO standards, and is a direct response to the past, current, and anticipated cyber threats that target sensitive defense information. 

The government itself will not audit CMMC compliance. A third-party auditor will be selected by January 2020 to conduct assessments on behalf of the Department of Defense (DoD).

What Does a Managed Security Service Provider Need to Know About the DOD’s Announcement?

In mid-2019, the Department of Defense (DoD) officially announced the introduction of the Cybersecurity Maturity Model Certification (CMMC). The framework is designed to improve the protection of Controlled Unclassified Information (CUI) throughout the supply chain, particularly within the Defense Industrial Base (DIB). 

Version 1.0 of the CMMC framework is expected to be released in January 2020. By June 2020, CMMC requirements will be included in DoD Requests for Information (RFIs) and Requests for Proposals (RFPs). That leaves government contractors an estimated six months to comply with the new cybersecurity requirements, which will include specific guidelines for safeguarding sensitive information as well as controls on its dissemination. 

Why was the CMMC Created?

The CMMC framework is a direct response to the high-profile breaches of DoD information that have occurred over the past few years. It builds on the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, which addresses the increasing and evolving cyber threats that consistently target sensitive information held outside government systems. 

The program will play a critical role in ensuring that the businesses and contractors supporting the DoD meet all established cybersecurity requirements. It will include five levels of certification, and, unlike the existing NIST SP 800-171 self-attestation regime, certification will be verified by a third party rather than claimed by the contractor. Through one unified, verifiable standard, the DoD will raise cybersecurity protection across every component of its supply chain.  

Understanding the Challenge of CMMC Compliance

While the CMMC is designed to offer a proven verification mechanism for cybersecurity best practices and processes, it also poses a challenge. The CMMC will ensure basic cyber hygiene, protect CUI, and ensure that industry partners' networks are secure; however, achieving CMMC compliance can be difficult for a small Managed Security Service Provider (MSSP).

The five levels of certification within the CMMC framework will be made fully available in January 2020, yet contractors will have only until June 2020 to become compliant. The short time frame, coupled with the anticipated depth of the five levels, makes compliance harder for small MSSPs. To achieve compliance, any business working with the DoD will have to demonstrate that its networks and cybersecurity practices meet the requirements of the CMMC level specified in the contract. In this vein, prime contractors will need to help their smaller subcontractors if they want to win future DoD contracts.  

The Solution to Maintaining CMMC Compliance

SecureStrux offers an approach to CMMC compliance that saves time and reduces cost. The company's cybersecurity team is ready to alleviate the compliance burden that many organizations face, leveraging decades of DoD experience, expert-level certifications, and a thorough understanding of the relevant policies to help organizations achieve the CMMC level they need. 

Through a range of tools and processes that support the journey toward CMMC compliance, SecureStrux is ready to help organizations prepare for the significant cybersecurity changes coming in 2020. With endpoint security engineering, network access control, and insider threat protection, the SecureStrux team can help your organization achieve CMMC compliance. Finally, through CUI, RMF, and CMMC training at technical and non-technical levels, the SecureStrux team can help your organization remain compliant throughout the year. 

To bid on DoD contracts in 2020, you will need to achieve the required CMMC level by June 2020. The SecureStrux team can help you overcome compliance challenges in an expedited and cost-effective manner. Contact a member of the SecureStrux team today to gain the immediate and long-lasting benefits of working with a seasoned and mature cybersecurity firm.