CMMC / NIST Compliance
It is no secret that defense manufacturing companies in the United States are getting hacked!
“If we were doing all the necessary security controls, we wouldn’t be getting exfiltrated to the level that we are. We need to level set because a good portion of our defense industrial base doesn’t have robust cyber hygiene. Only 1% of [Defense Industrial Base] companies have implemented all 110 controls from the National Institute of Standards and Technology. We need to get to scale where the vast majority of DIB partners can defend themselves from nation state attacks.” A quote from Katie Arrington, the Special Assistant to the Assistant Secretary of Defense for Acquisition for Cyber in the Office of the Under Secretary of Acquisition and Sustainment in DoD.
Defense manufacturers and others in the government supply chain are high priority targets. They face threats from nation states and other highly skilled and capable malicious actors.
From www.NIST.gov: “If a manufacturer is part of a DoD, General Services Administration (GSA), NASA or other federal or state agencies’ supply chain, the implementation of the security requirements included in NIST SP 800-171 is a must.”
To date, very few small to mid-sized manufacturers have taken the necessary steps to achieve these compliance requirements. In response to this lack of action, the Department of Defense (DoD) released the Cybersecurity Maturity Model Certification (CMMC) guidelines on January 30th, 2020.
Soon, “certifiers” will be meeting with manufacturers to verify they meet the necessary Maturity Level requirements.
Because the CMMC is new, the full ramifications of non-compliance are not yet known. Denial of government contracts is likely, and fines and other penalties may follow.
The greatest risk of non-compliance is the damage done to the country along with the businesses compromised by cyberattacks through sensitive data theft, financial loss from ransomware, and loss of production and reputation.
How We Help
With cybersecurity costs being an allowable expense in certain defense manufacturing contracts, Future Networking provides a proprietary CMMC Road-map that lays the foundation for your compliance. Our road-map delivers the full range of necessary documentation, while implementing a proprietary spectrum of security tools, to help meet compliance and mitigate threats.
Compliance essentially consists of four overarching segments:
- Assessing the network infrastructure, detecting threats as they occur while finding other potential threat access points.
- Reporting what those threats are, prioritizing those threats and developing a timeline to mitigate those threats.
- Documenting administrative protocols on who is accountable for the network, the practices and procedures to follow if there is a breach, documenting any breaches and the procedures followed, and documenting the activities done in the ongoing process to continue to mitigate threats.
- Providing security training, both through simulated digital attacks and through on-site presentations.
We differ in that, in addition to providing the documentation and reporting (where most companies focus as a consulting service), we implement cybersecurity tools uniquely tailored to assess the network and actively mitigate threats. This includes an Artificial Intelligence (AI) augmented 24/7/365 US-based Security Operations Center (SOC) staffed with full-time technicians and engineers who oversee and monitor your network and respond to cyberattacks.
For those who need additional evidence of their security, we provide attack audits (network penetration testing) as well.