The Defense Industrial Base (DIB) has become a target of increasingly complex and frequent cyberattacks. To protect FCI (Federal Contract Information) and CUI (Controlled Unclassified Information), OUSD A&S announced CMMC 2.0 in November 2021. It aims to dynamically improve DIB cybersecurity to meet evolving cyber threats, instill a collaborative culture of cyber resilience and cybersecurity, and ensure accountability while reducing barriers to compliance.
The basic premise of the CMMC is to ensure that by 2025, all DoD supply chain contractors and subcontractors, except for the providers of commercial-off-the-shelf products, get a third-party certification for their proficiency in cybersecurity before embarking on the awarded contract.
Controlled Unclassified Information (CUI) refers to information that requires safeguarding or dissemination controls under federal regulations or government-wide policies. CUI is a result of Executive Order 13556, which aims to standardize the management and protection of unclassified information across federal agencies.
In 2007, ITT was fined $100 million for illegally exporting night vision technology. ITT thought that they could work around the imposed restrictions. However, the government didn’t agree with how they interpreted the rules. In April 2018, FLIR Systems was fined $30 million by the State Department for transferring USML data to employees holding dual nationalities. As part of the penalty, FLIR was also instructed to implement a better compliance strategy and hire a third party to oversee the agreement with the Department. The State Department fined Honeywell International $13 million for illegally exporting technical drawings of missiles, tanks, and aircraft components to countries like China.
Does your company process, produce/manufacture, or repair various parts under USML for the Department of Defense? Or do you offer defense services or broker items controlled under the International Traffic in Arms Regulations (ITAR)? Then you are part of the Defense Industrial Base (DIB). There are an estimated 350,000+ companies in the DIB, with many in the precision metalwork industry. However, manufacturing on the shop floor comprises many processes, including consulting, drafting, drawing, casting, and assembly, among many others.
Streamline Your NIST SP 800-171 Compliance with Our Assessment Template: A Comprehensive Guide to Evaluating and Enhancing Your Organization’s Cybersecurity Posture
The DoD’s current cybersecurity regulations are specified in the Defense Federal Acquisition Regulation Supplement (DFARS), released in 2015. DFARS required defense contractors handling Controlled Unclassified Information (CUI) to build resilient cybersecurity infrastructure following the 110 security controls specified by the National Institute of Standards and Technology Special Publication 800-171 (NIST SP 800-171) by the end of 2017.
“CMMC 2.0 Consultants” are everywhere. Companies claim to be CMMC 2.0 consultants with expertise in SP 800-171 Rev. 2. Most of these same companies have little to no experience in CMMC 2.0 or even Federal information compliance. They are chasing buzzwords and your hard-earned money.
We have developed an informative and comprehensive article about CMMC compliance that will help you understand the topic in detail. In this article, we will discuss what CMMC compliance is, why it’s important, and what the different levels of cybersecurity maturity are. Our aim is to provide you with the knowledge you need to navigate this complex subject and stay ahead of the competition.
At present, the world is moving towards “everything is in the cloud”. Technological advancements are making our lives easier, but at the same time, they are creating new and serious challenges. One of the biggest challenges that we are facing today is the increasing frequency and sophistication of cyberattacks. In this article, we will explore the various types of cyberattacks, their impact on businesses and individuals, and how to protect ourselves from them.
The Cybersecurity Maturity Model Certification (CMMC) is a set of cybersecurity standards developed by the United States Department of Defense (DoD) to ensure that companies that work with the government have adequate cybersecurity measures in place. CMMC Level 3 is the third level of certification in the CMMC model and is designed for companies that handle Controlled Unclassified Information (CUI) that is critical to the mission of the DoD. In this article, we will discuss the basics of CMMC Level 3 and what you need to know to achieve compliance.