PQA Certification and Allen CIO have put together the following recommendations relating to CMMC, the Cybersecurity Maturity Model Certification.
Announced on June 13, 2019, The Cybersecurity Maturity Model Certification is the new approach by the Department of Defense (DoD) to create a unified cybersecurity standard and properly secure their supply chain and the Defense Industrial Base (DIB).
Starting in 2020, companies that have DoD contracts or those applying for DoD contracts will need to begin the journey towards CMMC compliance. It’s estimated that between 2020 – 2026 all DIB organizations will become compliant with the new CMMC framework.
This endeavor becomes difficult for many manufacturers, especially those that are 25 people and smaller. Typically when they reach out to NIST 800-171 consultants (CMMC Levels 1-3 encompass all 110 security requirements specified in NIST 800-171) the first recommendation is an expensive roadmap that needs to be created. This can be difficult to afford, particularly for manufacturers that would like to be able to submit RFIs and RFPs.
While every manufacturer is unique here are 3 tips that can dramatically reduce the amount of time to implement and manage the requirements on NIST 800-171. Because every manufacturer has an IT person, IT Department or a managed service provider it is recommended that you bring them into this conversation. While they will not generally not have the skills or certifications to provide an audit, they can be involved in something absolutely necessary in this process. They need to understand the best practices that they should be taking advantage of to minimize the cost and staff impact without interfering with the cybersecurity goals of meeting these standards.
3 CMMC Tips For Manufacturers
- Microsoft 365 – Formally called Office 365, it is the only office productivity suite that manufacturers, particularly those that intend to work with DoD, should be using. They have tools that allow your IT to begin putting processes in place right now that will address NIST 800-171 goals.
- Security Software – There are dozens of NIST 800-171 requirements that involve monitoring and compliance tools that should be electronically monitored…it is impossible for a human to monitor certain information and events as good as the right software. While it is difficult for businesses to access these tools, IT Departments and outsourced IT companies can take advantage of these programs because they possess the technical prowess in order to configure and maintain. Here is a link that shows what is covered, out of the box, for one of these tools. Call Allen CIO for recommendations.
- Learning Management Systems – A LMS is becoming a requirement for all manufacturers. To push training to all staff, specific departments or different individuals is just one aspect of this type of software. Having a LMS can ensure that, if audited, your users have acknowledged that they understand the appropriate NIST 800-171 procedures you have put in place or changed. A LMS starts at around $750 per year for 40 users. Call Allen CIO for more information related to your specific needs.
Allen CIO provides IT Strategy and Technology Oversight for Manufacturing Companies between $50mm and $500mm. Contact us to discuss how we dramatically affect productivity, customer experience and scalability in manufacturers, which are requirements to boldly enter into the 4th Industrial Revolution.