By 2021, the Department of Defense will begin implementing a mandatory third-party audit for all suppliers. As summarized on the OUSD(A&S) website:
The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) recognizes that security is foundational to acquisition and should not be traded along with cost, schedule, and performance moving forward. The Department is committed to working with the Defense Industrial Base (DIB) sector to enhance the protection of controlled unclassified information (CUI) within the supply chain.
OUSD(A&S) is working with DoD stakeholders, University Affiliated Research Centers (UARCs), Federally Funded Research and Development Centers (FFRDC), and industry to develop the Cybersecurity Maturity Model Certification (CMMC).
- The CMMC will review and combine various cybersecurity standards and best practices and map these controls and processes across several maturity levels that range from basic cyber hygiene to advanced. For a given CMMC level, the associated controls and processes, when implemented, will reduce risk against a specific set of cyber threats.
- The CMMC effort builds upon existing regulation (DFARS 252.204-7012) that is based on trust by adding a verification component with respect to cybersecurity requirements.
- The goal is for CMMC to be cost-effective and affordable for small businesses to implement at the lower CMMC levels.
- The intent is for certified independent 3rd party organizations to conduct audits and inform risk.
Cicer One is dedicated to data privacy and data ownership, and its turnkey solution, SCUTE, meets Levels 1-3 of CMMC out of the box, with the following benefits to SME companies:
- Network-in-a-box – enables SME companies to easily and securely manage their digital assets with no external IT support required. Setting up a similar system with off-the-shelf hardware and software components costs 5-10X as much in upfront installation and monthly maintenance.
- Replaces Google Drive, Dropbox, Microsoft SharePoint and similar services.
- Replaces text and chat apps – these apps are subject to third-party monitoring and monetization of user data.
- Digital assets that are stored in the cloud or that persist on third-party servers (email, etc.) are subject to compromise by hacking, third-party employee theft, and storage in foreign jurisdictions. Cicer One’s on-premise solution ensures easy compliance with privacy and security standards including HIPAA, GDPR, CCPA, and CMMC.
Cloud computing enables scaling of data storage and exchange but simply isn’t the right answer for the government supply chain, as cloud providers do not guarantee that the data will remain in the USA or that it is accessible only by personnel with the proper clearance. CMMC is the first cybersecurity standard that will require an independent audit to ensure compliance, and it affects 350,000+ companies. Industries such as medical, legal, and financial services are closely monitoring the CMMC implementation and are planning parallel cyber health monitoring in their respective ecosystems.
Cicer One offers businesses in every industry a way to reduce the risks of managing their customer and client data exchanges and to get ahead of the coming standards-based audits.