
Are You NIST 171 Compliant Now?

Written by Waits Sharpe | Dec 7, 2022 9:19:00 AM

CMMC 2.0 is currently projected to take effect in May of 2023. While this may seem far off, it's much closer than you think. Many defense contractors are already beginning to include CMMC 2.0 language within their contracts. This means that sooner rather than later, you will need to show proof that you are compliant with federal standards for handling CUI and the DoD's private information. The basis of CMMC 2.0 is the set of controls outlined in NIST's SP 800-171, which means it's time to ask yourself the question: Are you NIST 171 compliant now?

What Does it Mean to Be NIST 171 Compliant?

The National Institute of Standards and Technology (NIST) released its Special Publication 800-171 in 2015. This standard is the basis for CMMC 2.0, which is the way that the Department of Defense is going to legislate compliance for its contractors within the Defense Industrial Base. NIST 800-171 was the government's response to the rise of cyber-attacks on critical infrastructure and the endangerment of controlled unclassified information (CUI). Due to the ever-evolving nature of cyber threats, NIST published its second revision of the 800-171 framework in 2020. This is now the standard that CMMC is based upon.

Why is NIST 171 Compliance Important?

Becoming NIST 171 compliant now is more important than you may think. If you work within the Defense Industrial Base or are contracted by the Department of Defense, becoming NIST compliant will not be optional. You could potentially lose out on future contracts if you don't take the necessary steps to make sure your organization can be trusted with the government's critical information. If you already have a contract with the DoD, you could potentially lose your current contract and face legal or financial consequences if you are found to have mishandled CUI within your organization.

Why now?

Why do you need to be NIST 171 compliant now? Although CMMC 2.0 will not be official for the next few months, it is important that you become NIST 171 compliant now rather than later. Becoming compliant isn't a one-day fix. Implementing the required controls takes time and money, depending on where you are on the security pathway. Your organization can't afford to wait until the last minute to start taking NIST 800-171 seriously.

CorpInfoTech can help make the process of achieving compliance with NIST 171 easy. Our Security Assessment provides a POAM (Plan of Action and Milestones). The POAM is the roadmap to compliance. We then work with our customers to understand their IT capabilities and help fill the gaps on the journey to compliance.

Security assessments, compliance testing, and fully or co-managed IT services. Contact CorpInfoTech today if you have questions about compliance!

CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. CorpInfoTech can help organizations quantify, create, refine, and mitigate the risks presented by business-threatening disasters in whatever form they may be disguised.