Impacts Entire Defense Industrial Base
Compliance audits to begin within months
INDIANAPOLIS, Feb. 3, 2020 /PRNewswire/ — Cybersecurity firm, Needling Worldwide, is announcing immediate support for defense contractors scrambling to comply with the new CMMC Model 1.0 cybersecurity standard just released by the US. Dept. of Defense.
This new standard impacts the entire US Defense Industrial Base and is aimed at protecting sensitive information handled by the nation’s sprawling network of defense contractors and subcontractors.
Cybersecurity Maturity Model Certification (CMMC) represents a “best of” formula, integrating components of standards such as NIST, ISO 27001, CIS, ISO 9001, and others. The Version 1.0 release of CMMC represents many months of collaboration by public-sector and industry stakeholders led by experts from Johns Hopkins and Carnegie Mellon.
Most importantly, CMMC requires proof of compliance from outside certifiers, unlike previous programs that relied on defense contractors voluntarily attesting to their own compliance without any external validation.
“The DoD is acknowledging, among other things, that self-certification doesn’t work, and that third-party certification is essential,” says Dr. Al Lively, Business Development Director, Government Sector, for Needling Worldwide. “The impetus for this new program is the simple and sobering fact that too many breaches are occurring within the Defense Industrial Base, putting national security at risk. The old way just isn’t working.”
According to Dr. Lively, the newly published CMMC Model Version 1.0 is essentially identical to the most recent draft (version .7), with a few slight changes to some domain abbreviations and minor wording changes that don’t affect the substance of the standard. Of note, the CMMC Model is expressed in five levels, from basic to advanced, depending on the level of security the DoD is seeking for each of its projects.
“The next big step is for DoD to appoint independent registrars who, in turn, will authorize and oversee the certification bodies that will audit companies for CMMC compliance,” says Paige Needling, CEO of Needling Worldwide. “There are a lot of t’s to cross, but at the same time DoD says CMMC certification requirements will start appearing in RFIs as early as June. That’s five months. Every defense contractor should immediately begin planning for certification.”
According to the DoD, the expense of CMMC certification is an allowable cost in contract awards; they’ve also said the requirements of the standard, while robust, are designed to avoid placing an extreme burden on contractors.
“Organizations with a solid strategy for cybersecurity, and certainly anyone who has already invested in ISO 27001, FedRamp, or related compliance programs, should not have any great difficulty obtaining CMMC certification,” adds Ms. Needling, “so long as you understand what is required and take the process seriously.”
“Our company exists for just this kind of situation . . . to assist companies with cybersecurity compliance and certification, making sure it doesn’t distract from daily business operations. Frankly, it doesn’t really matter where you are on the security scale. If you make a commitment to becoming CMMC certified, we can help you get there.”
About Needling Worldwide
Needling Worldwide specializes in helping organizations achieve compliance to and certification with the most in-demand cybersecurity standards, such as CMMC, ISO 27001, ISO 9001, SOC 2, HIPAA, and others. Led by industry veteran Paige Needling, the company’s highly experienced teams guide organizations through the maze of technical and business-process demands of these standards. Needling Worldwide even represents clients during certification audits, ensuring their security efforts are accurately and thoroughly understood by the auditors. For more information, visit: www.needlingworldwide.com.
SOURCE Needling Worldwide