Beyond NIST, CMMC Certification: A Resilient Cyber Supply Chain (E03c)
The Cybersecurity Maturity Model Certification (CMMC) from the Department of Defense (DoD) is about a resilient cyber supply chain. CMMC is built on NIST standards and has a certification associated with it. The Defense Industrial Base (DIB) can mitigate risk from third parties and the supply chain by implementing a CMMC-based compliance program. In this brief we step through seven key phases that an organization must navigate to be prepared for a CMMC assessment and achieve certification. We review the critical CMMC artifacts required for an assessment, including a system security plan, policies, procedures, and evidence of implementation. We examine samples of key plan documents vital for a CMMC assessment. We step through important elements of a CMMC scoping exercise, including CMMC enclaves. The DIB is under Advanced Persistent Threats (APTs) that are global, yet the impact is local. Forward-leaning, forward-thinking organizations will start their CMMC journey sooner to ensure a resilient cyber supply chain is established.