The DoD’s Cybersecurity Maturity Model Certification (CMMC) is slated to roll out in the fall of 2020, and the COVID-19 pandemic is not delaying progress.
The CMMC model aims to create consistent cybersecurity practices throughout the DoD supply chain. CMMC auditors will measure a supplier’s cybersecurity against five levels of maturity, analyzing compliance against a variety of cybersecurity requirements. With an estimated 300,000 suppliers to the DoD, achieving a consistent level of cyber hygiene is important. Many contractors lack the required basic cyber hygiene processes, and don’t have comprehensive visibility into their network perimeter.
In a recent NextGov article, we discuss critical steps that DoD contractors should take to diminish the security gap and overall cyber risk. And, in a recent Washington Technology article, we detailed best practices for contractors as they work to achieve CMMC compliance.
Contractors often address cybersecurity vulnerabilities with an intricate patchwork of point products that don’t work together, are hard to manage and don’t provide them with the visibility of the cyber threats in the network. If contractors continue to use these point products instead of a unified platform to remediate individual vulnerabilities, they will simultaneously increase cost, complexity and risk – and may be unable to fully meet the CMMC requirements without making significant changes.
DoD contractors must have the ability to track and report network security in real time, in line with CMMC requirements.
Tanium helps contractors accelerate CMMC compliance by mapping to key capability guidelines, providing continuous reporting and supporting progression through the model’s maturity level ranking.
With Tanium, contractors have a single, unified platform that aligns endpoint management and security, helping to compile data from endpoints. The platform provides comprehensive threat monitoring with detailed incident analysis so that contractors can identify, isolate and mitigate threats in real-time. This helps simplify management of hybrid environments, gives contractors a better understanding of their environment and prepares them for future CMMC audits. These steps help the DoD community achieve the ultimate goal – stronger resiliency against cyber risks.