We’ve touched on the Cybersecurity Maturity Model Certification (CMMC) before in this blog, but over the next five weeks we’ll be doing a deep dive into this particular cybersecurity framework in our new CMMC Series. Starting with today’s post on what’s happening currently and what we can expect in 2022.
At Valley Techlogic, we believe a good cybersecurity framework can be the backbone for businesses looking to beef up their cybersecurity implementation. The roadmaps found within frameworks such as CMMC, HIPAA, CIS and NIST act as a perfect guide whether you’ve been implementing cybersecurity strategies for a while or are brand new to the process.
Our focus on CMMC occurs as the program is set to go through changes. CMMC Version 1.0 was released January 31st, 2020, and while it borrowed most of its components from NIST, it did have 30 additional requirements that aren’t found in the National Institute of Standards and Technology (NIST) framework.
Those additional standards will not exist in version 2.0 however, as the Department of Defense (DoD) moves to simplify the program and roll back any government oversight that may overreaching. Version 2.0 will allow more companies to self-certify as well.
Rolling out a new version of anything in the government is a time intensive process, since the new changes were announced it’s anticipated it could take anywhere from 9 months to 24 months before a ruling is established. Also, some groups who are currently involved in implementing CMMC are protesting the changes.
Regardless of what version exists, we’re past the point where businesses who hold contracts with the DoD can choose to ignore the writing on the wall. You will need to start implementing these security measures now if you haven’t already if you want to maintain your compliance with the DoD rules for their contractors. Whether 2.0 passes or not, CMMC is not going away.
CMMC accreditation audits are expected to kick off soon, and there’s even some talks about incentivizing businesses who receive their CMMC certifications before it’s officially required. CMMC certification also lets your customers know you take securing their data seriously within your organization.
Whether it’s 5 tiers found in the existing model or 3 tiers found in 2.0, the best place to start is in the first tier. These changes are easy to quickly implement and will lay the foundation for future cybersecurity improvements. At Valley Techlogic, we have experience helping businesses implement the requirements found within CMMC (as well as NIST, HIPAA, CIS and more).
We can help your business self-certify and prepare for CMMC accreditation. We can quickly bring you to compliance with tier one and set goals for the more advanced levels.
Over the next weeks we will talk about the goals found within tier one and beyond in this ongoing CMMC series. If you’re hoping to meet the qualifications for CMMC accreditation in 2022, schedule a meeting with us today to learn how we can help with the process.
Looking for more to read? We suggest these other articles from our site.
-
New Year, New Bugs – The Y2K22 Bug Crippling Exchange Servers
-
What’s the difference between a regular data backup and an archival backup?
-
Grab our 2021 HIPAA compliancy checklist and see how you can address HIPAA in the New Year
-
Does doing your own IT as a business owner really make sense? We did the math.
This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.