23 years
97.9 Customer Satisfaction Score
200k Tickets Closed
83% resolved remotely
97% Resolved within SLA Goal

New Defense Department CMMC Rules Put Spotlight on Cybersecurity

Learn why the Defense Department is unveiling stricter rules on cybersecurity for contractors and what impact the guidelines could have on your business  

If your business is a Defense Department contractor in Fort Lauderdale or South Florida, new guidelines are going to change the requirements needed to remain in business with the federal government.

What do the new guidelines mean and how can your business prepare?

What Are the New DoD Compliance Guidelines for 2020?

After several data breaches related to federal contractors, the Defense Department announced the implementation of the Cybersecurity Maturity Model Certification (CMMC) program. It’s projected to be a standard requirement for any Requests for Proposals (RFPs) by June 2020. The CMMC mandate includes several levels of cybersecurity authorization.

The CMMC grew out of concerns on the heels of recent cyberattacks that the existing standard, NIST SP 800-171, did not provide enough documented protection of sensitive government data.

How Is CMMC Different from NIST SP 800-171?

NIST SP 800-171 requires contractors to produce two key documents. The first, a System Security Plan (SSP), is a detailed look at a contractor’s information systems, security requirements and controls in place to meet those requirements. The second is the Plan of Action and Milestones (POA&M), which lists gaps between the SSP and the NIST SP 800-171 guidelines; it’s essentially a to-do list of remediation measures.

However, DoD officials have expressed concern that the SSP and POA&M are no longer enough to combat increasingly sophisticated cyberattackers. Gone are the days when ticking off a checklist is enough evidence of being cybersecure. Contractors and subcontractors need to step up their game, officials say. Once in effect, bids will only be considered if the contractor has a certified level at or above that required for the work.

What Are the Five CMMC Levels?

NIST SP 800-171 remains the benchmark against which the levels are based. It represents the third of five possible levels and a “good” approach to cybersecurity. The five levels are:

  • Level 1: Basic Cyber Hygiene. Contractors here meet the most fundamental federal regulations of protection for information systems.
  • Level 2: Intermediate Cyber Hygiene. Contractors need standard operating procedures, policies and strategic plans that frame their cybersecurity program.
  • Level 3: Good Cyber Hygiene. Mapping to NIST SP 800-171, this level is necessary for any contractors expecting to access Controlled Unclassified Information (CUI). CUI is information generated by or owned by a federal agency or on behalf of an agency. Such organizations demonstrate an ability to protect and sustain its own data and CUI but may be vulnerable to persistent advanced cyberthreats.
  • Level 4: Proactive Cyber Hygiene. Contractors at this level have a cybersecurity program that is substantial and progressive, able to adapt activities to protect data and sustain operations, even in the wake of advanced persistent threats that switch up tactics, procedures and attack vectors.
  • Level 5: Advanced and Progressive Cyber Hygiene. These contracts are the most advanced regarding cybersecurity, able to optimize security measures. The implementation of processes is operationalized throughout the organization.

The levels approach to cybersecurity is designed to allow the DoD to categorize prospective bidders on the level of security maturity achieved. It’s designed to streamline the bidding process, provide additional levels of security and assurance, and more accurately reflect a bidder’s cyber defenses.

How Are Levels Determined for CMMC?

Much like the NIST SP 800-171 standards, the CMMC will focus on achieving passing marks in different domains. The 17 domains cover the gamut of a comprehensive cybersecurity program:

  • Access Control
  • Asset Management
  • Audit and Accountability
  • Awareness and Training
  • Configuration Management
  • Identification and Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Personnel Security
  • Physical Protection
  • Recovery
  • Risk Management
  • Security Assessment
  • Situational Awareness
  • System and Communications Protections
  • System and Information Integrity

For each domain, a contractor must demonstrate it can identify malicious content, identify and manage system flaws, monitor networks and systems, and use advanced email security.

How Can My Business Attain CMMC Compliance?

Palindrome Consulting helps businesses with advanced compliance, cybersecurity, IT assessment and data solutions. We help local businesses comply with CMMC and other regulatory mandates. To learn more about our security vulnerability assessments and services, contact us today.

Schedule your No-Obligation IT Assessment with Palindrome Consulting

Schedule Now

Elizabeth Mitrani
Elizabeth Mitrani
17:23 06 Aug 19
Palindrome Consulting was key in establishing my business and helps me keep it running. They are the consummate... professionals, incredibly knowledgeable and are always available to help. They have gone above and beyond to ensure that I was up and running quickly and that any issues that may arise on my end or dealt with immediately. I highly recommend Palindrome Consulting.read more
Moshe Rubinstein
Moshe Rubinstein
14:57 28 Jun 19
They are there every step of the way. Responsive and timely. The full service mentality mixed with the problem solving... abilities, is what makes them an easy choice.read more
Benjamin Wainberg
Benjamin Wainberg
14:09 28 Jun 19
Palindrome Consulting is customer centric. For Palindrome Data Safety is paramount; they keep their and our systems... updated with the newest technologies and are not shy at changing to better alternatives. Their platforms are always running and in the odd case there is an event, their technical team has an awesome response time.read more
Copier Man
Copier Man
13:56 28 Jun 19
We have been using Palindrome since 2005. They make my company feel like we are #1 all the time. Expert staff are... always available to help all my users all around the country.read more
Martin Feldman
Martin Feldman
16:43 26 Jun 19
As a partner in Fischer & Feldman, P.A. we have utilized Palindrome Consulting as our IT experts for many years. In... addition to keeping our server up and running, they are available to consult on the everchanging cloud and web landscape. We could not function as a successful law firm without their constant care, attention and almost IMMEDIATE RESPONSE TIME.read more
Rebecca Fischer
Rebecca Fischer
16:39 26 Jun 19
Palindrome has been my IT company for more than 15 years. We have been through four server and computer replacements... over the years all of which went smoothly. As technology has changed Palindrome has kept us current in their recommendations and are extremely responsive when we run into a software or hardware problem. We have been through hurricanes with Palindrome and felt confident they would have us up and running as quickly as possible and despite the fact we are probably a smaller client, they have treated us as one of their most important clients. I highly recommend Palindrome and have complete confidence in their capabilities and service. They have even gone the extra mile when we wanted to donate our old computers to a children's special needs school and delivered the computers, set them up and provided service for the same. Ilan Sredni is the consummate professional and has surrounded himself with top professionals and skilled technicians.read more
Nelson T
Nelson T
20:32 25 Jun 19
Palindrome Consulting has proven itself time and time again to be the epitome of professionalism and technical... expertise. They take the time to listen to your needs and then apply their wealth of technical knowledge to create truly innovative and robust solutions. They truly deliver piece of mind.read more
Next Reviews