Department of Defense sets guidelines
The Department of Defense (DOD) is ready to release its first manual for the Cybersecurity Maturity Model Certification (CMMC) guidelines. Several drafts have been released recently, with 0.7 being the latest in early December.
CMMC guidelines regulate organizations looking to do work on government contracts. Therefore, it’ll decrease the likelihood or severity of a breach in data. Eventually these guidelines will be required to work on government projects.
A step forward
CMMC regulations are the most recent step the government is taking in fighting cyber crime. As reports of cyber crime continue to climb, many are wondering what can be done to increase security. The DOD has its finger on the pulse of these concerns.
The CMMC will be monitored and accredited by a yet-to-be-named third party auditor who will evaluate individual security plans. This agency will be responsible for assessing organizations. The agency has five levels of assessment where an organization can fall.
The levels
The first level is basic cyber hygiene, providing a foundation for higher levels to build upon. Next, the second shows increased maturity of cyber hygiene, assessing further actions taken to tighten security. Third accredits good cyber hygiene and effective implementation of controls taken to meet security requirements. After that, the fourth level is for organizations that show substantial and proactive solutions to security. Finally, the fifth and highest level shows advanced or progressive security measures and shows an organization’s ability to implement and optimize those capabilities.
Layman’s terms
That’s a lot of fancy jargon to try to break down. In other words, the first step of the program is to make sure that an organization has a basic foundation of cybersecurity in place. This means, it’s more than your mom’s antivirus. Government agencies control a lot of sensitive data for the country’s infrastructure. Making sure any organization that works with them can prevent themselves from being infiltrated is a must.
As we go up the ladder, the DOD is looking at not only the structures an organization has in place, but also how well they use those structures. That is to say, a lock is only good if you know how to arm it.
Being certified in the fifth level means an organization not only has excellent security measures, but is skilled in the knowledge of how to use what they have. Above all, these are the organizations that don’t just “set and forget” their cyber security.
What’s good
We keep saying application whitelisting is the security measure of the future, but what we really mean is that it’s the security feature you should be using now. Subsequently, adopting some of the basic principals of the CMMC, like basic cyber hygiene, are good practices to put into place immediately.
In conclusion, as we continue to fight the war on cyber crime, let’s look to the experts in the fields of security to lead us in our own safe practices. Stay safe out there.
