To increase the cybersecurity posture of companies operating in government supply chains, the Department of Defense announced the creation of the Cybersecurity Maturity Model Certification (CMMC) in 2019, and a draft was made available.
On January 30, 2020, the DoD released Version 1.0 to the public. (Version 2.0 was announced on November 4, 2021.)
NIST Special Publication 800-171 covers the protection of "Controlled Unclassified Information" (CUI) defined as information created by the government, or an entity on behalf of the government, that is unclassified, but needs safeguarding.
How to Prepare for CMMC
In CMMC 1.0, there was no longer an option for self-attestation. That has changed in CMMC 2.0.
Can We Do It Ourselves?
Whether or not you can self-attest to CMMC depends on the level of CMMC to which you need to comply and the type of information you are handling in fulfillment of a DoD contract.
What's New in CMMC Version 1.0
There are many similarities in CMMC compared to NIST 800-171, and the goal remains the same: to protect CUI within government supply chains.
Technology Changes AND Process Changes
Cybersecurity is not a shopping cart where a secure IT environment requires nothing more than a full checklist. Instead, it is a combination of both technology changes and business process changes. This has always been our focus at Corserva.
If you've been putting off dealing with NIST 800-171 compliance and how CMMC impacts you, contact Corserva, we can help. We provide assessments for NIST 800-171 and CMMC readiness services.
Corserva is a CMMC-AB Registered Provider Organization™ (RPO) and we are listed on the Marketplace for the CMMC Accreditation Body (CMMC-AB).