Defense Alliance of North Carolina (DANC): Special Offer
First and foremost, I would like to thank you all for joining me in my presentation!
I know it was a lot of information to digest and the government doesn’t exactly make it easy! That being said, if you have any questions, please don’t hesitate to visit my brand new NIST Defense Forum where you can not only ask me and my team anything and everything NIST SP 800-171 related, but where you may discover answers to questions you never even knew to have.
Speaking of which, I want to touch on something I have been getting a LOT of questions about lately; a trend I don’t see stopping anytime soon, to be honest…
“What the heck is the Cybersecurity Maturity Model Certification (CMMC) audit and how in the world do I pass it?”
That is a really great question, too… One that we don’t have a full answer to because, well, there are (as of today), a lot of undefined and undetermined aspects of the future audit.
Here, however, is what we do know:
- Ms. Katie Arrington (Special Assistant to the Assistant Secretary of Defense for Acquisition for Cyber) states the “Honor System” cybersecurity approach is not working as evidenced by the astounding number of breaches
- The objective of CMMC is to simplify and unify current NIST SP 800-171 and DFARS cybersecurity guidelines into one semi-automated, cost-effective model
- There are slated to be 5 levels of implementation that will rely on the 110 security controls outlined in NIST SP 800-171. To gain the highest level, your company must have all 110 NIST SP 800-171 security controls in place. For 1-4, you will be required to have certain controls in place, but it is currently unknown which ones
- Here is what we do know about the levels (though this is subject to change):
- CMMC Level 1: Basic Cyber Hygiene
- CMMC Level 2: Intermediate Cyber Hygiene
- CMMC Level 3: Good Cyber Hygiene
- CMMC Level 4: Proactive Cybersecurity
- CMMC Level 5: Advanced and Progressive Cybersecurity
- Independent 3rd party organizations will be conducting audits
- Goal: Begin accrediting auditors by 2020
Until CMMC audits begin (the date of which is still TBD), every contractor, subcontractor and/or entity that handles CTI or CUI must be NIST SP 800-171 compliant, or face losing their contract and/or criminal charges!
So what exactly does all of this mean to YOU and YOUR business?
That’s another excellent question. Once CMMC rolls out:
- There will most likely no longer be NIST SP 800-171 or DFARS 252.204-7012 (WOW!!)
- Contractors and subcontractors MUST be CMMC certified BEFORE they will be granted contracts
- It will IMPERATIVE for you to be compliant by the time audits begin because not only will you lose your contracts if you’re not, but you will not even be granted them in the first place if you aren’t compliant!
If this gives you a little scare, that’s because it should! The DoD is not happy with the current lack of cybersecurity exhibited by contractors/sub-contractors, and they are trying to fix the system.
However, there are some advantages to being CMMC/DFARS/NIST compliant:
- The biggest advantage is that it will keep your data and your clients’ information safe. According to a report published by the Audit and Advisory company, Sera Brynn: “In almost all the incident response cases we investigated, had the 800-171 controls been implemented, a breach most likely would not have occurred, or the impact of the breach would have been significantly reduced.”
- Your company will have a competitive advantage for government contracts over other businesses who are NOT CMMC compliant.
So, in the meantime, it is necessary for you and your business to become NIST SP 800-171 compliant which can be a HUGE and EXPENSIVE step; a lot of companies charge between $10K to over $150K for NIST compliance!!! But here at Petronella Technology Group, we believe that small-to-medium sized companies also deserve a piece of the government contractor pie, which is why we are offering all of the companies who attended our presentation a deal on our NIST Essentials Security Checkup and our 23-point SEO Checkup!
Normally these checkups are $500 each, but because you attended our meeting, we are offering 10% off!
For $900, which is just a fraction of the price of what other companies charge, you will get:
- NIST Essentials Security Checkup
- Gives a bird’s eye view of the current landscape
- Identifies vulnerabilities that need to be remediated
- Gives you a blueprint to NIST compliance, specific for your business
- 23-Point SEO Checkup
- Reviews over 23 technical points related to your digital marketing, website, and SEO, to uncover issues with your current SEO plan so you can learn how to win more government contracts
- Like the NIST Essentials Security Checkup, it gives a bird’s eye view of the current landscape by giving you a detailed look at exactly where your marketing is today
- Provides you with a blueprint detailing the exact steps needed to get your business on track to win more government contracts
Government compliance is already complicated enough. Let us worry about that while you just focus on getting the job done!