When the Fedtraderags start publishing on CMMC showing up in the Federal Register, you
know it's time. Today, it showed up on the Federal News Network.
Defense contracts everywhere are being hacked. Cyber espionage is very real and has been for long enough for foreign adversaries to steal nearly every piece of US (and other) military tech that will come to life in the next 20 years.
Alliances have formed, and espionage actors are targeting defense everywhere. Heck, I can even buy games today with accurate controls and flight patterns.
Here's the deal: CMMC is now offering three levels of certification instead of that all-or-nothing 110 SPRS score for Level 2. And let me tell you, this is big news for many of you out there.
The FCI and CUI handling requirements under CMMC seem strict, but they're better than they may seem. The graphic above shows what CUI is and isn't. FCI is a bit more broad, and this is from the horse's mouth (blogs.archives.gov). It's still confusing to me, but the bottom line is, of you don't handle CUI, you may still have to comply with FCI requirements, which are significantly lower than CUI. Think CMMC Level 1.
And CMMC Level 1 is a Game-Changer
Unless the government screws this up (by calling everything CUI, which they may very well do), is could be a real lifesaver for many of you.
Here's why:
- Level 1 is all about the basics. It's like cyber kindergarten - you learn to wash your hands before you start performing surgery, if you catch my drift.
- Self-Assessment: You can assess yourself for Level 1. That's right; there is no need to call the cavalry for this. It's like grading your own homework, but don't get any crazy ideas—it needs to be done annually and be right. And Uncle Sam's still watching and making it potentially profitable for whistleblowers to turn you in for gun decking your self-assessment.
- 17 Controls: Instead of that intimidating perfect 110 SPRS score, Level 1 only requires you to implement 17 controls. It's like going from a marathon to a 5K - still a challenge, but a lot more manageable.
"Jeff, why should I care?"
Let me break it down for you:
- Easier Entry: This lower level means more businesses can get their foot in the DoD contract door. It's like they've lowered the height requirement for the cyber rollercoaster.
- Focus on Basics: Starting with Level 1, you build a solid foundation. It's like learning to walk before you run. In fact, much of the basic cyber blocking and tackling comes in at Level 1!
- Scalability: As you grow and handle more sensitive info, you can move up to Level 2 or 3. It's a cybersecurity growth plan, folks.
Remember, with cybersecurity, something is always better than nothing. Level 1 might seem basic, but it's significantly better than leaving your digital door open with a "Hackers Welcome" mat.
So, to all you contractors out there, especially the smaller fish in this big DoD pond, take a good hard look at CMMC Level 1. It might just be your ticket to the big leagues without breaking the bank or your sanity.
Alright, folks, let's talk about CMMC. It's not just some fancy acronym anymore - it's the law. That's right, CMMC has hit the federal register, bringing some changes that'll make you sit up and take notice.
Here's the big news: Not all defense contractors must submit a perfect 110 SPRS score!
And now, you might not have to.
Need more information? Contact Trusted Internet for a 30 minute consult with one of our CISOs.
https://www.trustedinternet.io/contact.