CMMC - What Companies Struggle with the Most

CMMC - What Companies Struggle with the Most

Here are the top cybersecurity compliance requirements DoD contractors struggle with the most.

Join our newsletter:
In 2019 the Inspector General of the U.S. The Department of Defense released a report titled “Audit of Protection of DoD Controlled Unclassified Information on Contractor-Owned Networks and Systems”. The report was the result of an audit of DoD subcontractors and their implementation of the NIST SP 800-171 framework of security controls. CMMC draws many of its security requirements from NIST SP 800-171.
Here are the top deficiencies identified in the report:
  • Using multi-factor authentication;
  • Enforcing the use of strong passwords;
  • Identifying network and system vulnerabilities;
  • Mitigating network and system vulnerabilities;
  • Protecting CUI stored on removable media;
  • Overseeing network and boundary protection services provided by a third-party company;
  • Documenting and tracking cybersecurity incidents;
  • Configuring user accounts to lock automatically after extended periods and unsuccessful logon attempts;
  • Implementing physical security controls;
  • Creating and reviewing system activity reports;
  • Granting system access based on the user’s assigned duties.

What you should do:

We developed an application to help contractors meet their new CMMC requirements. Through the application, our cybersecurity team conducts a gap analysis for you. Using the results of the gap analysis we create a project plan specifying how to implement your absent CMMC practices. The entire process is self-paced. If you would like to learn more, reach out to us for a demo.

How we can help:

As of yet, non-DoD contracts do not require CMMC. There has been talk that the rest of the federal government may adopt it in the coming years.
 

Quick & Simple

Discover Our Cybersecurity Compliance Solutions:

Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you

 NIST SP 800-171 & CMMC Compliance App

NIST SP 800-171 & CMMC Compliance

Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
 HIPAA Compliance App

HIPAA Compliance

Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
 FAR 52.204-21 Compliance App

FAR 52.204-21 Compliance

Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
 ISO 27001 Compliance App

ISO 27001 Compliance

Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.