Sectrio

CMMC Compliance Assessment: Outline and Updates

I think everybody is familiar with this picture, where CMMC, as part of the DFARS and also the FCI, has been implementing the five different levels of the CMMC model, starting from Basic all the way to Advanced, where there are more than 171 practices if an organization has to be certified at the Advanced level. This gives them the level of certification where they get accreditations and credits to run the bids and also participate in some of the Department of Defense federal contracts and government bids.

What we're seeing is that most of the organizations are trying to use these best practices, and we see what has been entailed around the different areas or categories of the CMMC model in terms of its maturity scoring, threat modeling, risk adaptation, and how we mitigate some of those risks. Increasingly, we have seen in the last few months that organizations are still leveraging this not just to participate or stay compliant as part of the bids or the projects that they are engaging in with the government, but even using it as a hygiene technique to go beyond it.

In November 2020 we saw that NIST SP 800-172 was also released, with the support from the center, a new model which is now more streamlined, more focused on critical systems and on what is absolutely relevant for the organizations to participate or even to certify themselves against the maturity model.

What we've seen, some of the interesting findings, what actually led to this increased attention: we've seen over 50 of the organizations, especially the ones directly working with the government or anything on the critical infrastructure, were breached in the last 12 months, either resulting in integrity loss, availability loss, data loss and also, most importantly, the operational disruptions that we are seeing are the outages that we have seen, similar to some of the ones like SolarWinds we saw last year, and the Florida water plant getting hacked. All of these things kind of prove what type of hygiene techniques we need to use, how we map it, how we benchmark it.

Also, a few mandates that have been recommended, especially now with the new critical infrastructure bill that is being directed by the government, are also being adopted across the organizations for risk assessment, building those maturity models across the critical infrastructure, validating against different states of compliance and standards that are out there, taking the recommendations even though today it is not regulated or mandated by some of the entities. Those are best practices; some of them can be self-assessed, some of them can be engaged with third parties who have the knowledge and also the skill set to be able to do this in a cost-effective way, which is helping the overall critical infrastructure adopt security models with the technology innovation that we are seeing now.

Some of the recent updates: what we also saw with that was that CMMC Level 3 and Level 4, if you see, specifically talk about monitoring controls and also utilizing threat intelligence to block these malicious domains, not reactively once they are in the network, but mostly using proactive techniques where we are leveraging threat hunting, we're using intelligence feeds through STIX/TAXII and cyber threat intelligence exchange. That way the security leaders inside the organizations can now proactively look or hunt for potential intrusions that are not covered by their existing security controls, and they can include them before an attack can happen.
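The STIX/TAXII-fed hunting the speaker describes, as an added example that is not from the talk or from Sectrio: it extracts domain indicators from a constructed STIX 2.1 bundle (standing in for what a TAXII collection would return) and checks constructed DNS query log lines against them, flagging exact matches and subdomains on a label boundary. The bundle, indicator ids, domains and log format are all assumptions.

```python
import json
import re
# Constructed STIX 2.1 bundle standing in for what a TAXII collection would return (sample data).
STIX_BUNDLE = json.dumps({"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001",
  "objects": [
    {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000002", "pattern_type": "stix",
     "pattern": "[domain-name:value = 'bad-updates.example']", "valid_from": "2021-01-01T00:00:00Z"},
    {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000003", "pattern_type": "stix",
     "pattern": "[domain-name:value = 'c2.example' OR domain-name:value = 'mirror.c2.example']",
     "valid_from": "2021-01-01T00:00:00Z"},
    {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000004", "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '203.0.113.7']", "valid_from": "2021-01-01T00:00:00Z"},
  ]})

# Pulls domain literals out of STIX comparison expressions; other observable types are ignored here.
DOMAIN_RE = re.compile(r"domain-name:value\s*=\s*'([^']+)'")

def extract_domains(bundle_json):
    """Return the set of normalised (lower-case, no trailing dot) domain indicators in a bundle."""
    domains = set()
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") == "indicator" and obj.get("pattern_type", "stix") == "stix":
            for dom in DOMAIN_RE.findall(obj.get("pattern", "")):
                domains.add(dom.lower().rstrip("."))
    return domains

# Constructed DNS query log, one "<timestamp> <client-ip> query <qname>" line each (sample data).
DNS_LOG = """\
2021-03-04T10:15:01Z 10.0.8.21 query www.dod-vendor.example.
2021-03-04T10:15:07Z 10.0.8.21 query bad-updates.example.
2021-03-04T10:16:30Z 10.0.9.4 query cdn.mirror.c2.example
2021-03-04T10:17:02Z 10.0.9.4 query notbad-updates.example
"""
LOG_RE = re.compile(r"^(\S+) (\S+) query (\S+)$")
def hunt(log_text, domains):
    """Match each queried name against the indicators. A hit is the exact domain or a subdomain of it
    (suffix match on a label boundary, so 'notbad-updates.example' is not a hit for 'bad-updates.example')."""
    ordered = sorted(domains, key=len, reverse=True)  # longest first, so the most specific indicator wins
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts, client, qname = m.group(1), m.group(2), m.group(3).lower().rstrip(".")
        for dom in ordered:
            if qname == dom or qname.endswith("." + dom):
                hits.append((ts, client, qname, dom))
                break
    return hits
```

Each hit carries the timestamp, client and the indicator it matched, which is what a hunter would pivot on to decide whether the existing controls already cover that domain.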
