Avoiding Cyber Compliance Claims: Learn About the DOD's New Standards

October 27, 2020

by Steve Dorenkamp, Vice President and Manager of Claims

Construction contractors working for the Dept. of Defense (DOD) can expect to see Cybersecurity Maturity Model Certification (CMMC) compliance as a requirement in future contracts. The CMMC is a unified cybersecurity standard across the entire defense industrial base.

Over the next five years, contractors will need to acclimate to the new CMMC standard. The standard will require contractors to be certified by a third-party assessor into one of five levels.

Level 1

Processes: Performed. Perform the required practices; this can be in an ad hoc manner.

Practices: Basic cyber hygiene. This requires compliance with the basic cybersecurity safeguarding standards of the Federal Acquisition Regulation, as implemented in DFARS 252.204-701.

Level 2

Processes: Documented. Document practices and policies so they can be performed repeatedly.

Practices: Intermediate cyber hygiene. Implement some of NIST SP 800-171 requirements.

Level 3

Processes: Managed. Establish, maintain and resource a plan that demonstrates how the practices are implemented.

Practices: Good cyber hygiene. Fully comply with NIST SP 800-171 and DFARS 252.204-701.

Level 4

Processes: Reviewed. Review for effectiveness with the ability to take corrective action.

Practices: Proactive. Have proactive practices focusing on protecting data.

Level 5

Processes: Optimizing. Standardize and optimize all processes across the organization.

Practices: Advanced/Progressive. Have proactive practices that focus on protection from advanced persistent threats.

Source: ENGINEERING NEWS RECORD, OCTOBER 12 2020

Additional information on this topic can be found on the Engineering News-Record website.