The Cybersecurity Maturity Model Certification (CMMC) program enhances cyber protection standards for Defense Industrial Base companies. It is designed to protect sensitive unclassified information shared by the Department of Defense (DoD) with its contractors and subcontractors. Additionally, the program incorporates cybersecurity requirements into acquisition programs and provides the DoD increased assurance that contractors and subcontractors are meeting these requirements.
Source: https://dodcio.defense.gov/Portals/0/Documents/CMMC/ModelOverview_V2.0_FINAL2_20211202_508.pdf
CMMC is a tiered model for companies entrusted with national security information to implement a cybersecurity standard at progressively advanced levels depending on the type of sensitive information required to complete the government or vendor contract.
In September of 2020, the DoD published an interim rule to the Defense Federal Acquisition Regulation Supplement (DFARS) in the Federal Register, which implemented the DoD’s initial vision for the CMMC program (CMMC 1.0). The interim rule became effective on November 30, 2020, establishing a five-year phase-in period.
In March 2021, the DoD initiated an internal review of CMMC’s implementation, informed by more than 850 public comments in response to the interim DFARS rule to refine policy and program implementation.
In November 2021, the DoD announced CMMC 2.0, an updated program structure and requirements designed to achieve the primary goals of the initial review.
Companies will be required to comply with the new rulemaking once the forthcoming rules go into effect.
As of January 2021, the DoD is still pursuing rulemaking, has suspended the current CMMC Piloting efforts, and will not approve the inclusion of a CMMC requirement in any DoD solicitation.
The DoD encourages contractors to continue to enhance their cybersecurity posture during the interim period while the rulemaking is underway.
CMMC centers on the control and protection of Controlled Unclassified Information (CUI). CUI is information that requires safeguarding or dissemination controls consistent with applicable laws, regulations, and Government-wide policies but is not classified.
Intrada moves all network security standards to CMMC 2.0 Level 1 (Foundational) and partial Level 2 (Advanced), based on the clients’ business focus and requirements.
Intrada also considers Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule to follow the same safeguarding requirements. PHI is health information in any form, including physical, electronic, or spoken information. Essentially, all health information is considered PHI when it includes individual identifiers. HIPAA is a federal law that requires the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge.
Following the CMMC standard as a benchmark for policy and procedures has allowed Intrada to create cyber security plans for our clients that handle compliance requirements for Cyber Insurance Policies, HIPAA Enforcement, future CMMC assessments, Criminal Justice Information Services (CJIS), and good corporate cyber hygiene.
Starting with a standard and removing items that do not apply has allowed a more complete policy, procedure, and management process.
Intrada continues to work for clients through CMMC Self-Assessments, creating policies and procedures to enhance cyber security and network security practices and implementing employee awareness and training programs.
If you are interested in learning more about Intrada’s approach to Network Management and how we handle Cyber Security and Compliance, contact our Client Services Team today.
Intrada Technologies client services team: David Steele, Rachel Edwards, Nicole Keiner, and James Haywood
https://www.acq.osd.mil/cmmc/about-us.html
https://www.hhs.gov/hipaa/index.html
Intrada Technologies is a full-service web development and network management company with a focus on creating ongoing, trusted partnerships with each of our clients.
We make sure our clients have what they require to run their businesses with maximum efficiency and reliability, as many of their needs are mission-critical.
Our unique, collaborative partnerships allow us to provide our clients with the assurance that we will be there when they need us.