Cybersecurity Maturity Model Certification


What is the Cybersecurity Maturity Model Certification?

To enhance the protection of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within the supply chain, the U.S. Department of Defense (DoD) is working with DoD stakeholders, university-affiliated research centers, federally funded centers and industry at large to develop the Cybersecurity Maturity Model Certification (CMMC), a process that measures the ability of a company within the defense industrial base (DIB) sector to protect FCI and CUI. CMMC also adds a certification element to verify implementation of cybersecurity requirements; certifications will need to be performed by accredited third parties such as bet9游戏平台.

CMMC is designed to provide the DoD assurance that a DIB contractor can adequately protect CUI at a level commensurate with the risk and account for flow down to subcontractors in a multitier supply chain. The CMMC will be included in RFIs and RFPs in 2020 and will eventually be mandatory for all.

To learn more about the potential costs and how your organization can prepare for CMMC, download our Cybersecurity Maturity Model Certification (CMMC) Guide.


CMMC Model Framework

The CMMC model framework categorizes cybersecurity best practices at the highest level by domains.

Each domain is further segmented by a set of capabilities and achievements to ensure that cybersecurity objectives are met within each domain. Companies will further validate compliance with the required capabilities by demonstrating adherence to practices and processes that have been mapped across five maturity levels (explained below). In this context, practices measure the technical activities required to achieve compliance with a given capability requirement, while processes measure the maturity of the company.


CMMC Levels

The CMMC model has five defined levels, each with a set of supporting practices and processes, from Level 1, which addresses basic cyber hygiene, to the proactive and advanced Levels 4 and 5. In parallel, processes range from being performed at Level 1, to documented at Level 2, to optimized across the organization at Level 5. To meet a specific CMMC level, an organization must meet the practices and processes within that level and below. The levels are described below:

  • Level 1 requires an organization to demonstrate basic cyber hygiene. While practices are expected to be performed, process maturity is not addressed at CMMC Level 1, so a CMMC Level 1 organization may have limited or inconsistent cybersecurity maturity. At this level, an organization may be provided FCI, which is information not intended for public release but provided by or generated for the government under a contract to develop or deliver a product or service to the government.
  • Level 2 requires an organization to demonstrate intermediate cyber hygiene. At this level, an organization is expected to establish and document standard operating procedures, policies and strategic plans to guide the implementation of its cybersecurity program. At Level 2, an organization may be provided FCI.
  • Level 3 requires an organization to demonstrate good cyber hygiene and effective implementation of the NIST SP 800-171 Rev 1 security requirements. In terms of process maturity, a Level 3 organization is expected to adequately resource and review activities related to adherence to policies and procedures, and to demonstrate management of practice implementation. Organizations that require access to CUI and/or generate CUI should achieve Level 3.
  • Levels 4 and 5: at Levels 4 and 5, an organization has a substantial and proactive cybersecurity program, with the capability to adapt its protection and sustainment activities to address the changing tactics, techniques and procedures (TTPs) used by advanced persistent threats (APTs). In terms of process maturity, the organization is expected to review and document activities for effectiveness and inform high-level management of any issues, as well as ensure that process implementation has been generally optimized across the organization.

CMMC Domains

The CMMC model consists of 17 domains, the majority of which originated from the FIPS 200 security-related areas and the NIST SP 800-171 control families. The domains include:

  • Access Control (AC)
  • Asset Management (AM)
  • Audit and Accountability (AA)
  • Awareness and Training (AT)
  • Configuration Management (CM)
  • Identification and Authentication (IDA)
  • Incident Response (IR)
  • Maintenance (MA)
  • Media Protection (MP)
  • Personnel Security (PS)
  • Physical Protection (PP)
  • Recovery (RE)
  • Risk Management (RM)
  • Security Assessment (SAS)
  • Situational Awareness (SA)
  • System and Communications Protection (SCP)
  • System and Information Integrity (SII)

Timeline and Cost

Although a draft version of CMMC is currently available for review, the final version of CMMC is not expected to be released until January 2020. CMMC will begin appearing in RFIs in June 2020, and the expectation is that it will start appearing in RFPs in September 2020.

As far as pricing is concerned, the FAQ section of the CMMC web page states that the cost of certification will be considered an allowable, reimbursable expense and will not be prohibitive. For contracts that require CMMC, you may be disqualified from participating if your organization is not certified. With that in mind, we expect future RFIs and RFPs will allow prime contractors and subcontractors to work the cost of compliance into their bids.


CMMC Assessments

bet9游戏平台 has successfully completed the Certified Third-Party Assessor Organization (C3PAO) accreditation process and applied for the CMMC ML-3 assessment performed by the Defense Contract Management Agency's (DCMA) Defense Industrial Base Cybersecurity Assessment Center (DIBCAC). Schneider Downs is a C3PAO candidate and, pending a successful CMMC ML-3 assessment, bet9游戏平台 will be authorized to provide certification assessments for the Department of Defense's (DoD) Cybersecurity Maturity Model Certification (CMMC) program.

How Can Schneider Downs Help?

Schneider Downs is a C3PAO candidate. Our team currently offers CMMC readiness and consulting services as a Registered Provider Organization (RPO). Our team includes several members currently in the process of applying for CMMC Certified Assessor status. OSCs should note that, per the CMMC-AB standards, a single firm cannot perform both consulting and audit services for a single client. In the meantime, until these requirements are made public, we can help your organization prepare for CMMC by performing an assessment against the NIST 800-171 framework. To learn more about our CMMC bet9平台游戏, download our CMMC bet9平台游戏 Overview.

For more information, please email Eric Wright.
