February 3, 2023

CMMC is being driven forward by the US DoD as the standard for cyber security oversight and assurance across its Defence Industry Base (DIB). Between 300,000 and 350,000 companies in the supply chain, ranging from SMEs up to large corporates, will be impacted by the programme. Five levels of maturity certification have been defined, based upon a company's holding of FCI or CUI data. Companies processing FCI data will have to comply with up to 72 cybersecurity practices. Those processing CUI will be assessed at level 3 and above, and will be required to comply with up to 171 cybersecurity practices as defined by NIST 800 171 r2.

The programme will ultimately create the standard for cyber security compliance against NIST across the DIB. Whilst CMMC defines the references for good cyber security controls, the challenge for companies big and small will be how to comply and maintain compliance. The challenge for those delivering oversight will be how to assess and accredit those companies.

Article from: Security Boulevard 05.2020

2 thoughts on “The core of CMMC is still DFARS 252.204.7012”

  1. I’m really loving the theme/design of your site. Do you ever run into any browser compatibility problems?
    A few of my blog audience have complained about my blog not working correctly in Explorer but
    looks great in Safari. Do you have any ideas to help fix
    this problem?
