Since the announcement of the CMMC standard for DoD contractors, people have been scrambling to collect and share information about what the certification will require, how the audits will be performed, and when it will go into effect. We feel a crucial piece of information that has been missing is the “why”.
One of the biggest threats to national security is the disruption of the defense supply chain.
What enemies have figured out is that the only way to hinder powerful countries like the United States is through an asymmetrical attack: stopping the bullet before it is made. With the sophistication of technology, the information and systems necessary for the progression and production of supplies became huge targets for cyberattacks.
The government quickly realized this vulnerability, spurring the implementation of security standards for defense contractors. By adding the security standard, listed as NIST SP800-171, into the Defense Federal Acquisition Regulation Supplement 7012 (DFARS 7012), it effectively became law that contractors had to affirm they met the NIST SP800-171 standard if they were to be awarded a defense contract. If it was found that a contractor falsely claimed this and fell victim to a cyber-attack, they could be sued by the Department of Justice under the False Claims Act. In 2019, the DOJ sued for over 3 billion dollars in false claims, and effectively put many contractors out of business.
After all that work, we were effectively attacking our own supply chain by putting these vital contractors out of business. The solution? A regulatory body to educate and certify that contractors meet the security standards set forth before a contract is awarded. Thus the CMMC-AB was born.
The goal of the CMMC-AB is to enhance the security baseline set by DFARS 7012 and NIST SP800-171 and build a curriculum and certification process to ensure that before a defense contract is even awarded, the contractor has been certified as meeting the new standard by an accredited auditor.
Though the CMMC-AB is still in its early stages, it has publicly stated that the time to begin working towards compliance with the new standard is NOW. It takes time to adjust and implement security practices and software to meet these standards, and it can be confusing to understand what is expected. This is why On-Call Computer Solutions is devoted to guiding you through it. As the experts, we can audit your existing security framework, pinpoint areas that need improvement, and implement those changes into your business, preparing you to ace your CMMC audit. Give us a call today to learn more.