Newsletter | February 24, 2021

02.24.21 -- What MSPs Need To Know About CMMC

 
What MSPs Need To Know About CMMC
 
To mitigate security risks and protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within the DoD’s supply chain, the department developed the Cybersecurity Maturity Model Certification (CMMC). Through CMMC, the DoD can ensure that sufficient cybersecurity practices and processes are in place to protect FCI and CUI that reside on industry partners’ networks. Compliance Manager for CMMC allows MSPs to select the appropriate CMMC level and guides them through the certification-readiness process.

How MSPs Can Help Clients Comply With The Interim Rule
 

The DoD has rolled out its Cybersecurity Maturity Model Certification (CMMC), but it will take five years to be fully implemented. In the meantime, the DoD has instituted an interim rule as a cybersecurity stopgap to ensure all contractors follow best practices. With Compliance Manager, MSPs can help perform a cybersecurity self-assessment, score the assessment according to a specific methodology, and generate several documents that must be submitted to the DoD.

What MSPs Need To Know About CMMC Interim Rule Scoring
 

The interim rule requires all contractors and subcontractors to perform a cybersecurity self-assessment, score the assessment according to a specific methodology, and create documents that they must submit to the DoD. This scoring methodology is intended to create an objective assessment of a contractor’s implementation status. With Compliance Manager, the MSP can use the role-based platform to work with the client stakeholders to complete the assessment according to the required methodology.

A Closer Look At The CMMC Interim Rule’s System Security Plan Requirement
 
The System Security Plan (SSP) is a comprehensive blueprint of all security policies and procedures that documents how each contractor will help keep DoD data secure if the DoD awards a contract. The information compiled for the SSP also helps create an incident response plan for a potential breach. Compliance Manager allows MSPs to perform the required self-assessment and generate the SSP and other required documents that must be submitted to the DoD.

A Closer Look At The CMMC Interim Rule’s Plan Of Action And Milestones
 

If a DoD contractor’s system doesn’t meet the 110 controls of the interim rule, the contractor must also include a detailed corrective action plan — a Plan of Action and Milestones (POA&M). The POA&M must outline all proposed deficiency remediations and the timeframe in which each item will be completed. Compliance Manager allows MSPs to perform and score the self-assessment and automatically generates the required SSP and POA&M.