The U.S. Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) 2.0 has passed through the Office of Information and Regulatory Affairs and is now on its way to Congress, set to become law by Q4 2024. With the CMMC becoming official law, its full implementation in defense contracts will occur through a phased approach over three years starting in 2025.
The DoD and industry experts emphasize that contractors and subcontractors should be actively working now on their National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 implementation and CMMC compliance preparation.
Are you prepared?
If you're a DoD contractor or subcontractor, it's crucial to understand the CMMC 2.0 requirements and ensure that your organization is compliant. That's where Trustwave comes in.
Trustwave has developed the CMMC Readiness Accelerator to help clients and all organizations understand and work within CMMC 2.0. Trustwave’s accelerator program is designed to create a comprehensive roadmap to help current and potential contractors and subcontractors meet the stringent requirements set forth by the DoD.
The Trustwave CMMC Readiness Accelerator provides you with a roadmap to prepare your security programs for CMMC certification.
Trustwave’s approach to achieving CMMC certification is thorough and tailored to your specific needs. The process begins with requirements gathering, where Trustwave collaborates with you to outline the CMMC requirements and identify in-scope systems based on the desired compliance level. This involves a detailed review of CMMC documentation, guidelines, and practices, as well as identifying relevant systems and processes.
Next, Trustwave conducts a gap analysis to pinpoint weaknesses or deficiencies in your current security programs. This includes reviewing your existing system security plan (SSP), policies, procedures, and technical controls to identify areas needing improvement.
Finally, Trustwave works with you to develop a prioritized roadmap tailored to your specific needs, based on the findings from the gap analysis. This roadmap includes recommendations for addressing identified weaknesses and enhancing your cybersecurity posture.
Trustwave can also help you implement changes to your security in alignment with the CMMC requirements. Implementation services may include the corrective actions from the roadmap or any other activities that you are looking to put in place to increase your security maturity.
In general, this may include:
Furthermore, Trustwave can work with you and relevant third parties to conduct a ‘mock’ CMMC assessment (i.e., pass or fail) in preparation for your certification.
The Trustwave CMMC Readiness Accelerator offers several key benefits. Firstly, it provides access to a team of Trustwave consultants who possess deep subject matter expertise in governance, risk, and compliance. This expertise helps you achieve greater visibility into the data assets you are responsible for securing.
Next, the program aids in identifying security weaknesses and implementing corrective actions to meet CMMC requirements. By proactively protecting security investments from potential vulnerabilities, you can ensure that you are well-prepared for upcoming visits from assessors. Ultimately, the Trustwave CMMC Readiness Accelerator prepares you to win government contracts that require CMMC certification.
Additionally, Trustwave is a Registered Practitioner Organization (RPO) with the Cyber AB, which is the official accreditation body of CMMC. As an RPO, Trustwave has access to the Cyber AB’s CMMC Readiness Tool (CRT), which provides the following key benefits:
The DoD currently mandates that all contractors and subcontractors adhere to specific cybersecurity standards, and with the introduction of CMMC 2.0, this requirement becomes even more demanding. With CMMC 2.0 expected to be included in contracts starting in 2025, organizations must not only comply with these standards but also demonstrate their compliance effectively by getting certified at the appropriate level before a contract is awarded.
To meet the CMMC requirements, organizations need to address two fundamental questions:
The Trustwave CMMC Readiness Accelerator is tailored to answer these questions, providing a clear and actionable roadmap to prepare your security programs for CMMC certification. Depending on your certification goal, Trustwave will provide guidance and remediation planning to align your practices with CMMC standards.
CMMC is a DoD program to safeguard sensitive information that is shared by the DoD with its contractors and subcontractors. CMMC is designed to enforce protection of federal contract information (FCI) and controlled unclassified information (CUI) in alignment with DoD’s information security requirements, while keeping the supply chain running safely. NIST SP 800-171 and 800-172 serve as the basis for these protection measures.
CMMC is codified as part of the Defense Federal Acquisition Regulation Supplement (DFARS) within the Code of Federal Regulations. The CMMC program is overseen by the Office of the Under Secretary of Defense for Acquisition and Sustainment. The DoD has designated an independent non-profit organization, the Cyber AB, to manage the certification and accreditation process, which is at the core of CMMC. The DoD and the Cyber AB work together to implement the CMMC program from end to end.
The new CMMC 2.0 program has three levels of compliance:
The last piece of the puzzle is the connection with Microsoft. Microsoft provides a Microsoft Sentinel CMMC solution, which empowers governance and compliance teams to design, build, monitor, and respond to CMMC requirements across cloud, on-premises, hybrid, and multi-cloud workloads. The solution contains a workbook, analytics rules, and playbooks.
Trustwave is endorsed and validated by Microsoft as a leading cybersecurity partner. Trustwave can help enable CMMC reporting in Microsoft Sentinel via the Trustwave Accelerator for Microsoft Sentinel service. This service provides you with a roadmap to accelerate value and security outcomes from Microsoft Sentinel.
By partnering with Trustwave, you can confidently prepare for CMMC certification and be ready to secure and maintain DoD contracts. Trustwave’s expertise and comprehensive approach provide the guidance and support needed to navigate the complexities of CMMC 2.0, making compliance a seamless and achievable goal.