Cybersecurity Maturity Model Certification (CMMC) Audits Made Easy

/in , /by

Recently the US Federal Government announced plans to impose a cybersecurity audit and certificate program referred to as the Cybersecurity Maturity Model Certification (CMMC), which will be used as a standard requirement for all firms dealing with DoD data.  The CMMC closely follows established frameworks pulling heavily from the NIST CMF and 800-171 publications.  The obvious advantages of using a ubiquitous framework and assessment to ensure compliance with these new regulations helps to reinforce many of the best practices that firms in this space should have already been following.

Each firm must record their policies, procedures, and controls related to the NIST frameworks, showing a clearly delineated map of these relationships for auditors to follow, test, and critique.  The DoD recently announced that they plan to start the audit process in 2020 with more than 60% of firms expected to have completed their requirements by the end of the year.  This leaves firms with sparse time to evaluate and immortalize their processes, with a narrow window to fix non-compliant or lacking areas of their cybersecurity framework.

These moves by the Federal Government and the DoD are being widely celebrated by the cyber defense industry as a win against unintentional release of classified information, and as strong guidance for the industry to help ensure a curb in the currently vulnerable industry.  With a long history of leaks, and hacks, the government consulting and data analytics firms, that make up much of the cyber defense of the country, will be helping to ensure our enemies have one less tool to utilize.

With StrunkAccess Risk and Policy Manager consulting firms are finding a tool that can help navigate through the complicated process of becoming compliant with risk frameworks, helping to protect their companies and clients.  From SOC 2 to NIST to any risk framework, StrunkAccess is an elegant solution utilized to help hundreds of companies evaluate, record, and manage their risks.

An independent certified public accountant has examined Strunk’s operations and found them to be in compliance with the AICPA’s Trust Service Principles. It was determined that Strunk meets the Security, Availability, Processing Integrity, Confidentiality, and Privacy criteria for SOC 2 established by the AICPA.