📚 On October 15, the United States Department of Defense published the #CMMC final rule (#32CFR) to protect Controlled Unclassified Information (#CUI) and sensitive contract data across the Defense Industrial Base (including third-party, fourth-party vendors...)

🇺🇸 This is a major development in the #US and is likely to influence governments worldwide! 🌐 #MustRead #ThirdPartySecurity

Excellent article by Jonathan Deglise summarizing the main takeaways, thanks Jonathan!! https://lnkd.in/eaMCzz-f

1️⃣ CMMC 2.0 assessments will begin soon. Starting December 16, 2024, CMMC assessments will be available 📆
2️⃣ The current version of NIST 800-171 will serve as the foundation for CMMC Level 2 assessments and certification 📄
3️⃣ Self-assessments will apply to only a small fraction of OSCs (Organization Seeking Certification) - about 2%
4️⃣ Subcontractors are required to obtain a certification similar to the prime contractor's #FourthPartiesSecurity 📈
5️⃣ The DoD reserves the right to assess any CMMC-certified organization at any time 🔎
6️⃣ Any CUI managed by a #Cloud Service Provider must meet #FedRAMP Authorization at the Moderate level ☁️
7️⃣ #MSPs without direct CUI access do not need CMMC certification (simple description of their responsibilities)
8️⃣ #VDI clients that limit interaction to #KVM input 🖱 and do not process critical data are considered out of scope
You’re right, CMMC is a big step forward, but it doesn’t address the bigger issue: why is so much information marked as CUI in the first place? Unfortunately, overclassifying creates cascading problems—and piles on unnecessary costs.
The CMMC final rule marks significant progress in enhancing cybersecurity measures within the defense sector.
Interesting 😉 THANKS for sharing. Regards, Stéphane
Thanks Matthieu Garin! Appreciate the support in raising awareness on CMMC! Looking forward to helping more clients navigate compliance together.
Indeed, it finally happened :) Side note: identifying and marking the CUI is the tricky part when dealing with CMMC, so here is a starting point: https://www.archives.gov/cui Also, CMMC is usually paired with 800.171, which got updated in May as well.