Frequently Asked Questions

CMMC stands for Cybersecurity Maturity Model Certification. This certification is newer and aims to increase compliance with the NIST 800-171 standard, ensuring that every government contractor has the appropriate security in place to handle sensitive data.

The CMMC only affects businesses that have current contracts with the government and those who hope to have contracts in the future. The certification is important because you will need it to even qualify for the contracts.

NIST 800-171 is a security standard that was implemented years ago to address security concerns among government contractors and vendors. The CMMC process was later established to force compliance with the NIST 800-171 standard.

The CMMC requires that all government contractors have their IT infrastructure audited against specific security requirements. The audit is performed to help contractors find holes in their IT network that may leave the government's data at risk. (See below.)

The CMMC Audit Process

1. Identify

  • Identify and control who has access to your SMM firm’s information
  • Conduct background checks*
  • Require individual user accounts for each employee
  • Create policies and procedures for information security

2. Protect

  • Limit employee access to data and information
  • Install surge protectors and Uninterruptible Power Supplies (UPS)
  • Patch your operating systems and applications
  • Install and activate software and hardware firewalls on all your business networks
  • Secure your wireless access point and networks
  • Set up web and email filters
  • Train your employees
  • Use encryption for sensitive information
  • Dispose of old computers and media safely

3. Detect

  • Install and update anti-virus, anti-spyware and other anti-malware programs
  • Maintain and monitor logs
  • Note unusual password activity

4. Respond

  • Develop a plan for disasters and information security incidents
  • Notify your customers and the authorities

5. Recover

  • Make full backups of important business data/information
  • Make improvements to processes, procedures and technologies
  • Make incremental backups of important business data/information
  • BONUS: Consider cyber insurance

Cybersecurity Protection for the Manufacturing Industry

Small to medium sized manufacturing companies are at high risk of a cyberattack. This is because manufacturers typically have few IT needs, and those they do have are very basic, so the security surrounding their data and IT infrastructure is often less sophisticated than in other industries. This creates an ideal situation for cyber criminals, and they WILL take the time to try to get into your system. Once they have access to your network, they can cause major damage, resulting in costly consequences that many small to medium sized businesses are not equipped to handle.

To combat this, you should increase your network security and align it with the requirements of the CMMC. This process is helpful because it provides a step-by-step guide on how to identify, protect, detect, respond to and recover from these horrible attacks. NIST has created a separate guide for cybersecurity maintenance for manufacturers, called the NIST 8131 cybersecurity framework. It is designed specifically for the manufacturing industry and can be a helpful guide to preventing cyberattacks in the future.

If you are in the manufacturing space and you are concerned about the security of your data, please don’t hesitate to reach out. Our team is here to help you fill the gaps in your infrastructure and protect you from a costly cyberattack.

Learn more about how we can do that today.

Interested in partnering to help you fulfill the certification requirements?
We are happy to help fill any security gaps you may find in your network.