The Cybersecurity Maturity Model Certification (CMMC) is a new US Department of Defense (DoD) standard for implementing best practices throughout the defense industrial base, which includes over 300,000 companies in its supply chain.
The CMMC was created specifically to address major compromises of sensitive and classified data on DoD contractors' networks, and it now requires a third-party assessment of DoD contractors' compliance with mandated practices that will better adapt to new and evolving cyber threats from our adversaries. There are 171 best practices described in the CMMC model, at least 19 of which relate directly to the security awareness training program requirement.
The CMMC includes five maturity levels that establish cybersecurity requirements based on the sensitivity of the contractor's work. The CMMC domain “Awareness and Training” is concerned with ensuring that organizations at CMMC maturity levels 2 and above have a formal security awareness training program. And now, contractors that deal with Controlled Unclassified Information (CUI) are required to add insider threat training - long overdue after Edward Snowden’s use of social engineering to download approximately 1.2 million highly classified documents from the National Security Agency’s systems.
CMMC certification will soon (likely by Q3 2020) be a minimum requirement to be eligible for DoD contract awards. DoD has emphasized that the CMMC is a starting point for transforming contractors' cybersecurity culture and strengthening their third-party supply chain.
Get Organized with KCM GRC
You want to be positioned well regarding the evolving complexities and requirements of DoD's contract award system, and KnowBe4 has just released Control Guidance for CMMC Levels 1-5, so there is huge value right now for KCM users. Get a demo and see it for yourself.