Update: The timeline for when CMMC will be officially published has been altered over the past year. In 2022, the original plan was to see CMMC wording included in contracts by May of 2023. However, as of July 24th, 2023, the proposed CMMC rule has been sent to the Office of Management and Budget, which will have 90 days to review it and send it back for changes. If approved, the rule will enter a public comment period. This means that CMMC may be finalized in Q1 of 2025.
There are dozens of acronyms and abbreviations within the cybersecurity world, and CMMC acronyms are just part of the list. This can make security overwhelming and confusing to organizations simply trying to improve their security posture. With increased legislation regarding security controls and implementation, it is more important than ever that your business familiarizes itself with the terms and acronyms that may apply to its organization and business continuity.
Here is a brief list of some of the acronyms involved in CMMC compliance and how they may apply to your business.
CMMC stands for the "cybersecurity maturity model certification". The CMMC was established in part by the Department of Defense (DOD) to create an enforceable compliance model that ensures private contractors working inside the Defense Industrial Base (DIB) are effectively protecting controlled unclassified information (CUI). The framework that the CMMC is based on is NIST 800-171, which consists of 110 controls divided among 14 control families.
CMMC-AB stands for the "cybersecurity maturity model certification - accreditation body". This group is responsible for overseeing qualified, trained, and trustworthy assessors who are able to audit an organization for CMMC compliance. They provide the necessary resources for organizations to become CMMC compliant and capable of assessing others' compliance levels.
DIB is the abbreviation for the Defense Industrial Base. The DIB is a collection of organizations from various industries that work together with the Department of Defense on various projects. The DIB contains over 30,000 organizations and demands a lot in terms of security. The CMMC model is directly applicable to any organization within the DIB. The DIB contains some of the largest and most profitable defense companies, so it is no wonder that security is so important.
NIST 800-171 is a security framework developed by the National Institute of Standards and Technology (NIST) and is the framework in which the CMMC is rooted. NIST 800-171 contains 110 security controls divided into 14 control families. These controls work together to create a layered defense that better protects CUI from bad actors. This framework specifically provides guidance on the storage, protection, and transmission of CUI between the private sector and the federal government.
An MSSP, or Managed Security Services Provider, is an organization that provides support in making sure that an organization is compliant and secure in its IT endeavors. CorpInfoTech specializes in providing premier managed services that both protect organizations from bad actors and make sure they are compliant with the security regulations they need to meet to conduct their business. We offer full and co-managed services that include firewall management, vulnerability management, and compliance support and guidance!
While these abbreviations are not all-encompassing, they provide a baseline knowledge of terms you are likely to hear when beginning your CMMC compliance journey! Education on security is important to staying compliant and protecting your business!
CorpInfoTech can help you through your compliance process - start with a security assessment.
CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. CorpInfoTech can help organizations quantify, create, refine, and mitigate the risks presented by business-threatening disasters in whatever form they may be disguised.