CAN CMMC SAVE GLOBAL DEMOCRACY?
In recent times, there have been several alarming incidents highlighting how unprepared the government and its contractors are for cyber threats. With the digitalization of the government and industrial industry, threats have much greater implications than cyber espionage, they are a threat to the global order. With China and Russia carrying out a number of successful cyberattacks on IP, trade secrets, and intelligence information the threat to global democracy is more evident than ever.
With the Cybersecurity Maturity Model Certification (CMMC) rolling out shorty, will it be the answer to the cyber threats threatening the global order? By its lonesome probably not however it is a positive step in the right direction. As of now the Pentagon standards of every contractor in the supply chain is simply not enough. Organizations must start to merge cybersecurity practices with their business culture.
““When it comes to handling information about weapon designs, the Pentagon must verify cybersecurity best practices” ”
“A lot of the time people didn’t understand what the requirements were. They just said ‘yeah I comply,’ so I can get business, Hence the reason we have that J-31 over in China that looks very much like our F-35.”, she continued. China's J-31 stealth fighter is built in part on plans taken from the United States from a 2007 espionage program on Lockhead Martin, the principal maker of the F-35. Had CMMC been in place in 2007, the chain of classified information would have been protected therefore making the attack less likely." It will ensure smaller subtractors are not given controlled unclassified information that they cannot protect", Bostjanick noted. Which the stakes so high, adding a consistent line of defense to protect our global democracy is something we should get serious about and embrace.
What We’re Building
The DoD has a clear mission: to protect the Defense Industrial Base (DIB) from malicious cyber activity. As a step in the right direction, the framework (CMMC) clearly outlines the nature of security practices required and includes a mandate that everyone needs certification to secure DoD contracts. What would make this an even more significant leap in the right direction? The ability to prepare for and obtain certification efficiently and affordably. That's where we come in. The CMMC documentation is dense – approximately 350 pages dense. For most contractors, unpacking it won't be easy without the help of experienced professionals. Their only option will be the traditional one: to outsource the problem to a third-party consultant. This usually means sending a team of security analysts to the client's site to conduct days' or even weeks' worth of interviews and information gathering exercises. Consultants then leave and spend another valuable 4-6 weeks drafting what ends up being a 200+ page assessment. Although the intention is to tell organizations where they stand and what their gaps are, this typically results in confusion and very little actionable information due to lack of context and no clear direction within the report. This traditional way of doing things does not encourage the transfer of knowledge or understanding about the logic behind the security controls being assessed and measured; therefore, implementing solutions to address the gaps is far from obvious.
To help address these issues, we have helped developed Jensie, a SAAS solution designed to support the DoD's mission. Jensie accelerates the DIB's adoption and implementation of CMMC by providing a cost-effective way for businesses to understand, assess, plan, and maintain all things CMMC. In addition, Jensie undoubtedly reduces the friction of becoming CMMC-certified through detailed yet understandable information and examples of practical solutions curated by experienced cybersecurity professionals.
The tool includes self-assessments to help businesses identify areas for improvement and progress-tracking so they know how much closer they are to being prepared.
Many businesses will need professional assistance along their journey to certification – Maverc has CMMC-AB certified professionals behind the product to guide them when needed. Maverc's cyber risk management team can work with the business and track items inside of Jensie. The time and expenses incurred are significantly reduced.
Jensie leverages the best-of-breed security technology to collect cybersecurity and compliance information from traditional information Technology devices, operational technology, and IOT appliances and solutions that sit behind your firewall(s). The solution takes a holistic approach to Vulnerability management of hardware and software on your network.
The CMMC documentation is dense. For most contractors, unpacking will be challenging without the help of proficient professionals. Their only option will be the old-fashioned one: to outsource the problem to a third-party consultant. Typically means referring a security analyst team to the client's site to conduct days' or even weeks' worth of meetings and information gathering exercises. Consultants then leave and spend another valuable 4-6 weeks drafting what ends up being a 200+ page assessment. More often than not, this process results in confusion and very little actionable information due to lack of context and no clear direction within the report. This traditional way of doing things does not encourage the transfer of knowledge or understanding of the security controls' logic being assessed and measured. Therefore implementing solutions to address the organizations' gaps are far from obvious. While the traditional outside consultant assessment strategy may work for substantial suppliers and primes themselves, it is not a solution that will work for the broader Defense Industrial Base. It's simply too time-consuming and too expensive. The goal of Maverc is to empower organizations and allow them to own their CMMC certification process truly. Instead of sending in a team of pricey consultants to assess an organization's gaps, Jensie walks the user through the CMMC readiness assessment and gap analysis process. This guided approach assesses and educates simultaneously, which leads to an informative, complete output. Solutions to gaps become more visible, and reports yield actionable information.
Let us connect the dots, using what we've learned over the past decade to help you move quickly and efficiently through to compliance and beyond. As experienced and certified CMMC compliance consultants, we create documentation and establish continuous monitoring and build IT infrastructure to maintain your CMMC compliance. So get in touch to begin your assessment today.