By: Brian Egenrieder, CRO of SyncDog
Earlier this year, U.S. regulators rolled out sweeping new rules, referred to as the Cybersecurity Maturity Model Certification (CMMC), which require the use of data containerization in order to protect government/business information. The implementation of CMMC represents a big change from past U.S. federal data handling rules for contractors, for which compliance was by and large voluntary.
The overarching purpose is to protect controlled unclassified information (CUI); however, the guidelines mandate that any entity working with the DoD must be certified regardless of whether CUI is handled or not. Examples of CUI include finances, critical infrastructure, tax details, intelligence and more. This type of information is tangential to classified data and would pose a serious risk to an organization, particularly a government agency, if compromised. CMMC seeks to reduce such risks from government contractors. In many ways, CMMC is similar to NIST SP 800-171, which mandates that all non-federal organizations working with U.S. government bodies follow compliance regulations such as secure file sharing.
CMMC is essentially the outcome of a review of numerous cybersecurity standards and is a certification that will provide increased confidence in government data security. The five-level maturity certification involves an audit by an authorized entity — a self-assessment is not an option. It is anticipated that in Summer 2020, organizations will begin observing CMMC requirements within Requests for Information.
Implications for Your Organization
At the time of this blog's publication, the cost of certification has yet to be determined. It can be anticipated that the higher the level of maturity certification sought, the more costly certification will be. As previously mentioned, regardless of the amount of CUI handled, even if it is none, those who work with the DoD will be required to achieve some level of CMMC; this includes subcontractors. When applying for a contract, your organization will be notified by the government of the level of CMMC determined to be necessary.
SyncDog Supports CMMC Compliance
Data containerization rules embody a more fundamental security approach, particularly with respect to mobile. SyncDog’s Trusted Mobile Workspace, Secure.Systems, takes containerization to the next level by offering industry-leading containerized security in conjunction with a full suite of productivity applications that provides a desktop-like experience on mobile devices. Implementing Secure.Systems empowers organizations to transition away from providing and managing corporate devices and experience the flexibility of BYOD without the threat of losing or exposing corporate data.