Insights From the Expert: Bob Metzger Brings Clarity to CMMC Chaos and Confusion | Exostar Interview Series

Posted by: Mariya Bouraima June 13, 2023 CMMC, Cybersecurity

Why the Cybersecurity Maturity Model Certification (CMMC) is important

The United States Defense Industrial Base (DIB) faces increasing cybersecurity challenges, given the highly sensitive nature of the information it handles and the frequency, complexity, and evolving nature of cyber threats designed to gain access to that information and threaten national security.

The recently published 2023 Threat Assessment of the U.S. Intelligence Community advises that “China probably currently represents the broadest, most active, and persistent cyber espionage threat to U.S. Government and private-sector networks.” The FBI asserts that China “is seeking to become the world’s greatest superpower through predatory lending and business practices, systematic theft of intellectual property, and brazen cyber intrusions.” China, Russia, and other threats, including ransomware criminals, pose a present and serious danger to the integrity of every business and to the confidentiality of information they possess and use.

For more than five years, DoD has required its contractors to comply with the cyber “Safeguarding” requirements of DFARS 252.204-7012. The Cybersecurity Maturity Model Certification (CMMC) framework builds on the existing security requirements and, when the new regulations are finalized, will require businesses to pass external compliance assessments and meet stringent cybersecurity standards as a condition to bid on Department of Defense (DoD) contracts.

Today, while the rulemaking proceeds, thousands of DIB companies are subject to cybersecurity regulations and the DoD has increased its scrutiny of compliance against the existing standards. This has made cybersecurity hygiene and regulatory compliance more important than ever for businesses in the defense sector. Non-compliance can be treated as a breach of contract, may foreclose new opportunities in the defense supply chain, and may result in lost revenue, reputational damage, and even legal and financial exposure.

Bob Metzger, of Rogers Joseph O’Donnell, PC, is an expert and recognized leader for his work on DoD cyber and supply chain security measures. In this video series, Bob shares his insights into the challenges that businesses in the sector now face, what likely lies ahead, and the specific requirements tied to forthcoming CMMC compliance. Learn what businesses can do to be adequately protected and achieve compliance with the present DFARS and the CMMC framework, as efficiently and effectively as possible.

Check out the videos below or the full playlist answering the industry’s top questions about CMMC. 

Question 10: What “acts or omissions” might expose companies to the greatest compliance or legal risk?

Question 9: What are smart strategies to elevate and accelerate compliance while also reducing vulnerability to ransomware and other threats?

Question 8: What are the differences between the two? What are key concerns of industry and how might they be resolved?

Question 7: What is CMMC and how does it address the current shortcomings? When will it take effect?

Question 6: Is cyber incident reporting important and what’s involved?

Question 5: From DoD’s perspective, what’s missing from the current cybersecurity requirements?

Question 4: Are some companies in the defense industrial base (DIB) subject to greater or lesser requirements than others?

Question 3: What cybersecurity requirements are in place today and which companies are affected?

Question 2: What’s the difference between cybersecurity and compliance?

Question 1: Why do we need cybersecurity requirements for unclassified information?

Eager to learn more now? Connect with a CMMC expert at Exostar.