Cybersecurity Maturity Model Certification (CMMC)

Prologue

The American tax dollar has been used to generate some very verbose, complicated, and detailed security standards. Standards such as NIST 800-53, NIST 800-82, REGGUIDE 5.71, and NIST 800-171 have then been used, in whole or in pieces, in various compliance requirements for FISMA, HIPAA, SOX, and 10CFR73.54. The NIST standards have in turn been mapped to ISO 27001, GDPR, CCPA and numerous other standards.

Enter the CMMC

Good news! There is another recently published DOD document called the Cybersecurity Maturity Model Certification (CMMC). The CMMC is a way to gauge the giant task of compliance with NIST 800-171 and other standards based upon the actual risk profile of the entity. If you aren't working on a DOD contract, you can still use this document as a quick assessment of your own security against the same standard (which can be mapped to all of your other requirements!).

Take this model, look at the controls in the image below, and you can immediately gauge your current posture against a defined reference level.

What's your company's level?

Have a nice day!

--Matthew Rogers

CMMC Slide Source
https://www.acq.osd.mil/cmmc/docs/CMMC_v1.0_Public_Briefing_20200131_v2.pdf


Gus Grosch, PE

Senior Engineering Consultant at Imperia Engineering Partners

4y

So how does this interact with EPRI's TAM?
