Talk of information security and compliance regulations have been buzzing through the business world – and for good reason. Cybercrime is on the rise; just last year the average organization experienced an additional loss of $1.4 million due to malicious digital attacks, bringing average cybercrime costs to over $13 million annually. New compliance regulations are coming in 2020 – but many companies are at a loss, unable to navigate these complex, enterprise-level standards.
On November 20, 2019, CORTAC Group was invited by the Pacific Northwest Defense Coalition to shed some light on the subject. PNDC offers the most comprehensive defense network in the PNW, hosting over 300 member companies in the defense and security industry. We had one goal: demystify the Department of Defense’s latest changes to security compliance regulations. Specifically, we spoke to the PNDC membership about the upcoming Cybersecurity Maturity Model Certification (CMMC).
In the simplest terms, the CMMC is a set of standards designed to protect our country’s data from cybercrime. However, these standards are layered with various elements, making it difficult to comprehend. Core elements of the CMMC include:
- Five maturity levels – ranging from basic cyber hygiene to highly advanced practices
- Of those, each level includes required domains, capabilities, practices & processes. These are essential to demonstrate regulation adherence, and then ultimately become CMMC certified.
- Requires demonstration of all level-specific practices and processes, in addition to all lower-tier standards
Additionally, our team gave the PNDC audience a friendly reminder: Starting in 2020, these complex compliance regulations will be implemented throughout the country. And that’s not all; random compliance audits are planned to take place shortly after implementation. Katie Arrington, respected Chief Information Security Officer, gave a similar warning to all defense and aerospace suppliers, stating, “Every contract that goes out will have a requirement, and every vendor on that contract will have to have a CMMC certification.”
Don’t worry – your business is safe, as long as you adhere to the upcoming compliance regulations. If you need help, CORTAC Group can lead you through every compliance avenue. Whether it’s understanding your risks and obligations, obtaining executive alignment, or closing information gaps, we’ll provide the tools you need to stay compliant and win more business.
A special thanks to our friends at PNDC; it was an honor speaking at your event.
Jerry Leishman
Update (March 20, 2020): Want to learn more about CMMC? Check out this article featuring CORTAC Group, just published in the Northwest Aerospace News Magazine.