As networks become more complex, organizations need to evaluate their cybersecurity policies, controls and practices to ensure optimal security across the network. The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) developed the Cybersecurity Maturity Model Certification (CMMC) for the Department of Defense (DoD) and DoD contractors to ensure a standard level of security across the Defense Industrial Base.
Ralph Kahn, VP of Federal at Tanium, sat down with John Gilroy from Federal News Network’s Federal Tech Talk to unpack CMMC – exploring what CMMC means for DoD contractors, what each level of certification entails, and how CMMC will reduce risk and improve security posture for both contractors and agencies.
Agencies only as strong as their weakest link
With an estimated 300,000 suppliers to the DoD, agencies are only as strong as their weakest link. Khan explains that in order to reduce risk and operate in a more assured way, companies bidding on DoD contracts will be required to achieve a certain level of certification under CMMC. Independent auditors will assess the contractors and subcontractors to verify that they have the required controls in place and documented practices that can be verified.
How Tanium helps with CMMC
Kahn explained Tanium is not an independent auditor, but provides technology that supports CMMC core requirements including asset management, risk management, achieving situational awareness, system integration integrity and more.
“It’s good to reduce risk at a point in time when you’re going through your accreditation and getting your certification, but it’s even better if you are reducing that risk every day, every hour, every minute,” said Kahn. “Those are the areas where Tanium can help. We can help the accreditors. And, we can help the contractors seeking accreditation reach the next level, cost effectively.”
Listen to the full interview and contact us to learn more about how Tanium can help achieve continuous cybersecurity capabilities to reduce risk and meet CMMC requirements.