CYBER NEWS NOW: New CMMC guidelines could mean changes for many companies
AUGUSTA, GA (WFXG) --It may seem subtle, but a major change is now underway for anyone who does any kind of work with the U.S. Department of Defense.
“You simply cannot have a laissez faire attitude with cyber security and be compliant, so there’s a lot of meticulous documentation, policy and procedures,” said Chris Hurley, a partner and vice president for IntelliSystems in Augusta.
You might think the U.S. Department of Defense would have pretty strict standards, but you may not realize who is involved with their daily operations.
It’s why companies like IntelliSystems are stepping in to pinpoint potential trouble spots and help businesses meet the new standards of the Cybersecurity Maturity Model Certification, otherwise known as CMMC.
“There’s a lot of low hanging fruit that organizations can be working on in the meantime,” said Hurley. “We can help with them with their assessment and we can help them get a realistic view of what’s this going to look like for us to achieve this.”
Hurley says many companies can keep up with their firewalls or antiviruses for most of their computer, but there’s often an outlier that’s lost in the shuffle.
“Everyone has been pretty bad at complying,” said Hurley. “The biggest challenges that we see, especially for smaller organizations…it might be sub-contractors, the inherent lack of organization in some smaller businesses is going to be a problem.”
Once they feel confident and they’ve completed their self-assessments, their scores are submitted to a portal. Then the companies will be evaluated to see if they’re deemed worthy to keep working with the DOD.
“The onerous things are going to be proving how you don’t intermingle defense work with commercial work, proving people have limited access only to the things they need,” said Hurley.
And while they work to get their systems right---some companies may have to drop long-standing partnerships with the DOD---but this ongoing commitment should pay off for cyber-security nationwide.
“In a lot of cases, it’s going to require some pretty painful changes for them to be compliant,” said Hurley. “And there are some opportunities in the short-term, where they’re not being accredited and they can be credited for make some changes to the plan they made need.”
The deadlines for CMMC are already in place, and companies will use their assessment scores like restaurants use their food scores to bid for jobs in the future.
Copyright 2021 WFXG. All rights reserved.