CMMC Guidance

What is the Cybersecurity Maturity Model Certification (CMMC)?

Cyber attacks targeting the Defense Industrial Base (DIB) pose a risk to our national security. Businesses large and small play a role in the DIB ecosystem. This diversity brings a great variety in business processes, IT systems, controls, and cybersecurity practices. The Department of Defense (DoD) has established the CMMC framework to provide a common set of requirements to ensure proper safeguarding for both Federal Contract Information and Controlled Unclassified Information.

Controlled Unclassified Information (CUI)

We cannot talk about the CMMC without discussing CUI. Ultimately, the CMMC has been developed to ensure that organizations properly safeguard CUI. What is CUI? From the CUI Program Blog: Controlled Unclassified Information (CUI) is sensitive information that laws, Federal regulations, or Government-wide policies require or permit executive branch agencies to protect.

Consider an example: a manufacturer makes a part or assembly that ultimately ends up in a Defense-related application. The blueprints or drawings used to machine the part are likely CUI. Should these documents exist in physical form at the manufacturer, certain practices must be in place to safeguard them (handling, storage, destruction, etc.). When this information exists digitally on the manufacturer’s computer network, specific controls must be put in place to safeguard that information. The CMMC outlines the safeguards that must be in place to process, store, or transmit this data.

The following links provide information on the CUI Program, training, and related resources:

National Archives CUI Program Home

CUI Program Blog

CUI Training

How can Bound Planet help?

While we are still awaiting CMMC 2.0 rulemaking, we recommend being proactive in addressing the CMMC.

We offer the following:

  • Education on CMMC requirements
  • Pre-assessment readiness evaluations and guidance
  • Advisory specific to CMMC initiatives
  • POA&M Development
  • Consulting and project management related to implementing Practices or Processes
  • Policy documentation and review
  • Service offerings to meet practice requirements

Whether you don’t know where to start or you simply need a specific solution to satisfy a practice requirement, contact us today to find out how we can help your organization prepare.