DoD Cyber Strategy 2023 Reaffirms Commitment to CMMC - Guernsey INSIGHT

The Department of Defense (DoD) has communicated their proactive approach to the country’s cyber defense through the 2023 DoD Cyber Strategy. Although the strategy primarily focuses on defending the homeland in the cyberspace domain, private companies doing work for the DoD should be paying close attention. Why? Because in the document, the Department boldly reaffirms its commitment to ensuring security within the Defense Industrial Base (DIB) through the Cybersecurity Maturity Model Certification (CMMC), a program designed to assess defense contractors on their cybersecurity maturity.

The DoD defines this cybersecurity maturity through a company's adherence to National Institute of Standards and Technology (NIST) 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. This document is a set of practices a company is expected to perform to safeguard sensitive (but unclassified) data that they are entrusted with by their government customer. CMMC is a formal assessment, possibly required to be performed by a certified third-party, of the organization's compliance with NIST 800-171. It should be noted that DoD contracts already require compliance with all NIST 800-171 practices.

The DoD’s re-affirmed commitment to the CMMC program dispels much of the uncertainty about the program’s longevity and sustainability itself. Defense contractors across the country already face contractual requirements that necessitate the implementation and maintenance of robust cybersecurity programs, CMMC will require them to verify and prove the implementation and operation of that program.

As CMMC navigates its way through the bureaucratic labyrinth in Washington, Guernsey stands ready to assist companies staring down the pending contractual requirements in a unique and effective way. As the government doubles down on the CMMC program, Guernsey is positioned to support defense contractors as a trusted community partner with decades of business acumen. Our knowledge runs deeper than firewalls, passwords, and encryptions algorithms --- Guernsey understands the role and obligations of a DIB contractor and is eager to lead companies to contractual and CMMC compliance in a way that secures sensitive data and makes good business sense.

Read the DoD Cyber Strategy 2023 document at https://media.defense.gov/2023/Sep/12/2003299076/-1/-1/1/2023_DOD_Cyber_Strategy_Summary.PDF

DoD Cyber Strategy 2023 Reaffirms Commitment to CMMC - Guernsey INSIGHT2

The CMMC Final Rule has been published, and it will be effective on 12/16/2024.

Guernsey is the only Oklahoma based company to have achieved the Certified Third-Party Assessment Organization (C3PAO) status, which authorizes the firm to provide CMMC assessments, or “audits,” for clients seeking certification to meet their contractual obligations.

To schedule your company's C3PAO assessment, contact Timothy Fawcett, CISSP, Vice President Director of Cybersecurity Consulting, at Timothy.fawcett@guernsey.us or (405) 416-8182.