Without Cybersecurity Maturity Model Certificate (CMMC) compliance, a contractor will be barred from all future Department of Defense (DoD) contracts. The CMMC officially launched in January 2020, building upon the DFARS and NIST 800-171 standards with additional requirements for vendors working with the DoD. Understanding CMMC and how it differs from DFARS and NIST 800-171 is crucial to the current and future success of government contractors.
DFARS stands for “Defense Federal Acquisition Regulation Supplement”. It’s a set of cybersecurity regulations required of any vendor bidding for contracts with the DoD. In addition to requiring compliance with the controls in NIST 800-171, DFARS includes a clause for Safeguarding Covered Defense Information and Cyber Incident Reporting, 252.204-1012, which protects the government’s supply chain from cyberattacks by defending “Controlled Unclassified Information”, or CUI. This clause ensures that CUI is safeguarded from cyber incidents that can affect the organizations, people, activities, information, and resources involved in supplying a product or service to the DoD. DFARS also requires vendors to report incidents that affect CUI or impact contractors’ ability to perform critical support for the government.