Autor |
Beitrag |
Jemma
Mitglied
Beiträge: 174
|
Erstellt: 27.03.20, 08:38 Betreff: Cybersecurity Maturity Model Certification (CMMC)
drucken
Thema drucken weiterempfehlen
|
|
|
The CMMC is a certification procedure developed by the Department of Defense (DoD) to certify contractors have the controls to protect sensitive data including Federal Contract Information and Controlled Unclassified Information (CUI). The CMMC Model is based on the best-practices of different cybersecurity standards including NIST SP 800-171, NIST SP 800-53, ISO 27001, ISO 27032, AIA NAS9933 and others into one cohesive standard for cybersecurity. The Domains have seventeen (17) sections listed below:
|
|
nach oben |
|
|
Vicente
Mitglied
Beiträge: 162
|
Erstellt: 27.03.20, 08:38 Betreff: Re: Cybersecurity Maturity Model Certification (CMMC)
drucken
weiterempfehlen
|
|
|
The CMMC contains five levels ranging from basic hygiene controls to state-of-the-art controls, but unlike NIST 800-171, the CMMC will not contain a self-assessment component. Every organization that plans to conduct business with the Department of Defense will be required to undergo an audit by an authorized auditing entity before bidding on a contract or subcontracting to a prime.
|
|
nach oben |
|
|
Travis
Mitglied
Beiträge: 153
|
Erstellt: 27.03.20, 08:39 Betreff: Re: Cybersecurity Maturity Model Certification (CMMC)
drucken
weiterempfehlen
|
|
|
Zitat: Vicente
The CMMC contains five levels ranging from basic hygiene controls to state-of-the-art controls, but unlike NIST 800-171, the CMMC will not contain a self-assessment component. Every organization that plans to conduct business with the Department of Defense will be required to undergo an audit by an authorized auditing entity before bidding on a contract or subcontracting to a prime. |
The CMMC is intended to serve as a verification mechanism to ensure appropriate levels of cybersecurity practices and processes are in place to ensure basic cyber hygiene as well as protect controlled unclassified information (CUI) that resides in the Department’s industry partners’ networks.
|
|
nach oben |
|
|
selmajdanield
Mitglied
Beiträge: 52
|
Erstellt: 27.03.20, 08:39 Betreff: Re: Cybersecurity Maturity Model Certification (CMMC)
drucken
weiterempfehlen
|
|
|
CUI is information the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that a law, regulation, or Government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls.
|
|
nach oben |
|
|
Jemma
Mitglied
Beiträge: 174
|
Erstellt: 27.03.20, 08:39 Betreff: Re: Cybersecurity Maturity Model Certification (CMMC)
drucken
weiterempfehlen
|
|
|
Zitat: selmajdanield
CUI is information the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that a law, regulation, or Government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls. |
Version 1.0 of the CMMC framework will be available in January 2020 to support training requirements. In June 2020, the industry should begin to see the CMMC requirements as part of Requests for Information. The initial implementation of the CMMC will only be within the DoD, but we predict this will be expanded to the Federal sector at some point as well.
|
|
nach oben |
|
|
Vicente
Mitglied
Beiträge: 162
|
Erstellt: 27.03.20, 08:40 Betreff: Re: Cybersecurity Maturity Model Certification (CMMC)
drucken
weiterempfehlen
|
|
|
As stated, there is no self-certification. Your organization will coordinate directly with an accredited and independent third-party commercial certification organization to request and schedule a CMMC assessment. Your company will specify the level of the certification requested based on your company’s specific business requirements.
|
|
nach oben |
|
|
occupiersubsidize
Mitglied
Beiträge: 48
|
Erstellt: 27.03.20, 09:09 Betreff: Re: Cybersecurity Maturity Model Certification (CMMC)
drucken
weiterempfehlen
|
|
|
This new certification will set a universal general for carriers doing business with the DoD. The attain of enforcement and applicability has yet to be defined. However, vendors must meet the unique certification degree of procurement at the time of award, and the primary vendors should require any sub-contractors to meet the relevant CMMC necessities.
More Information Here https://commmunity.cmmchub.com
|
|
nach oben |
|
|
|