How to Get Your Security Aligned with the CMMC

Katie Arrington, the acting CIO for the Department of Defense, is fiercely determined to enforce the requirements of the Cybersecurity Maturity Model Certification (CMMC), considering it a primary defense against China’s cyber incursions – and one she expects the Defense Industrial Base (DIB) to meet.

Among the best practices suggested for achieving CMMC is maintaining a comprehensive, accurate asset inventory, because it defines the borders of an agency’s networks. This is often difficult to create, as asset ecosystems are growing, vulnerability gaps are easy to miss, and compiling accurate reports is challenging, especially on a budget. While having such an inventory requires continuous assessment, as organizations’ IT ecosystems are in constant flux, given today’s workplace conditions, it can be useful for other compliance requirements, such as meeting Peripheral Component Interconnect (PCI) communications standards or HIPAA privacy standards.

Learning Objectives:

• Outline the ways that your agency’s system security plan and plan of action — with milestones — can work together and reinforce each other
• Identify how to create the scope and security requirements of your agency’s attack surface using an accurate asset inventory
• Review how to use policies and procedures as the foundation for CMMC compliance
• Delineate other ways to utilize your agency’s asset inventory to meet additional regulatory and policy requirements