Whether you're evaluating IT providers or satisfied with your existing firm, one important question to ask is if they are CMMC certified. According to the Office of the Under Secretary of Defense for Acquisition & Sustainment website, the "Cybersecurity Maturity Model Certification (CMMC) framework includes a comprehensive and scalable certification element to verify the implementation of processes and practices associated with the achievement of a cybersecurity maturity level. CMMC is designed to provide increased assurance to the Department that a DIB company can adequately protect sensitive unclassified information, accounting for information flow down to subcontractors in a multi-tier supply chain."
It was developed to enhance the protection of controlled unclassified information (CUI) within the Department of Defense (DoD) supply chain. Even if your business is not in the DoD supply chain, this is important for you to be aware of, as it is the enforcement of ever-maturing cybersecurity standards that will result in contracts being awarded based on continuing to meet stricter cybersecurity standards.
From the website:
Registered Provider Organizations in the CMMC ecosystem are authorized as familiar with the basic constructs of the CMMC Standard to provide advice, consulting, and recommendations to their clients. They are the “implementers” and consultants but do not conduct Certified CMMC Assessments.
As a registered CMMC provider, Thriveon helps clients by guiding and implementing the policies, controls, and evidence needed to meet ever-maturing cybersecurity standards.
Download our E-book: 5 Questions to Ask When You Are Evaluating an IT Managed Service Company
As cybersecurity continues to evolve, so does the need for strategic guidance. That’s why for the last 19+ years, Thriveon has deployed an approach that proactively eliminates IT risk and supports business growth.