Signs

26 Feb 2020

Sometimes, government requirements and regulations can make you feel like you are Alice falling down new rabbit holes, trying to figure out just what exactly your business needs to do to win (and keep) your contracts and subcontracts.

Do you need to be NIST certified? SP 800-53 or SP 800-171, or both? What are FARS and DFARS? Are UK NCSC Cyber Essentials or AU ACSC Essential Eight in any way relevant?

The goal of the CMMC is to consolidate everything into one (hopefully) simple model. So instead of chasing requirements, you will find them right there in one place. It is a “Maturity Model” with five different levels called “Maturity Levels” (ML); each level is essentially a stepping stone to the next level, meaning you can’t achieve ML 5 until you have also achieved ML 1-4.

The problem right now is that everything still seems up in the air, and the uncertainty of not knowing exactly what you are supposed to be doing can be nerve-wracking. What can you do?

What we recommend is working on achieving ML 3 for the time being, and here is why:

  1. ML 3 is essentially cybersecurity best practices. Even if you are not required to achieve ML 3, it is still a good idea to protect yourself from hackers, who can shut down your company and compromise your business.
  2. You should already be NIST SP 800-171 certified NOW. While there are a few extra security measures added to ML 3, if you have all NIST SP 800-171 security controls in place now, passing CMMC ML 3 will be relatively easy. UNTIL CMMC IS FULLY IN PLACE, YOU CAN LOSE YOUR CONTRACT IF YOU ARE NOT ACTUALLY NIST SP 800-171 CERTIFIED.
  3. Competitive Advantage. Not only could it help you win new contracts that DO require your business to be ML 3 certified, but if you are competing for a contract, you can also let them know you have gone above and beyond in your cybersecurity measures.

We also have a little secret for you… while there are often some slight differences, most of these regulations’ security controls are based on NIST SP 800-171; NIST SP 800-171 is considered “cybersecurity best practices” so it will give you a REALLY strong foundation to grow from.

Also, as far as the DoD is concerned, they are not trying to trick their contractors and subcontractors. Regardless of how it might feel, they are not rooting for your failure; on the contrary, they are attempting to keep their data safe. That’s the whole point of the CMMC. Katie Arrington, Chief Information Security Officer for the Office of the Under Secretary of Defense for Acquisition and Sustainment, noticed a trend: NIST SP 800-171 self-reporting was NOT working. Contractors were constantly victims of cyber attacks, and something needed to be done about it because it was putting the US Federal Government at risk. They understood that cybersecurity and safety were hard to achieve, and they decided to make it easier.

So while it may seem uncertain and confusing at first, especially considering the fact that not everything is in place yet, the goal is to help you protect your business against hackers.  We here at Petronella Technology Group are familiar with the security controls and we recommend starting your journey to cybersecurity sooner, rather than later.  Give us a call at 919-422-2607 or schedule a free meeting online by clicking here.
