Since 2017, the U.S. Government has been working on an initiative in response to the increasing frequency and severity of cyberattacks on the US defense industrial base (DIB). Now in effect as of December 1, the Cybersecurity Maturity Model Certification (CMMC) program will impact every organization involved in DoD contracts along the entire supply chain—from research to manufacturing. Defense Industrial Base (DIB) companies must be prepared to certify they are compliant or risk losing their funding.

To be CMMC compliant, an organization must be audited by a registered and approved third-party auditors which are currently being vetted. With COVID-19 lending to another rise in cyberattacks and uncertainty surrounding the process of audits, it is critical DIB organizations invest in a tried and tested technologies that are already meet NIST SP 800-171r1 requirement.
SPYRUS has spent 20 years building and deploying military grade cryptographic solutions for the U.S. Government and private sector and can help organizations immediately meet level 3 of the CMMC framework.

CMMC is mandated by DFARS Clause 252.204-7012 “Safeguarding Covered Defense Information and Cyber Incident Reporting” and requires IT departments to be NIST SP 800-171r1 compliant or more based on the controlled unclassified information (CUI) and other intellectual property (IP) involved. CMMC is broken into five different levels ranging from “basic cyber hygiene” practices and “performed” processes to “advanced / progressive” practices and “optimizing” processes. CMMC mandates organizations possess a plan of action and milestones (POAM) built on top of the already existing 110 security controls of NIST SP 800-171.

Our DevicePatrol™ platform arms IT departments with necessary technology to immediately reach level 3 of the CMMC framework. The DevicePatrol platforms consists of FIPS 140-2 level 3 certified endpoints and a robust endpoint management software enabling IT departments to dynamically manage authentication keys, audit data access activity, and “destroy” data and operability of endpoints anywhere in the world. Each endpoint is tamperproof and secured with a Rosetta HSM meeting NIST SP 800-171 standards of data encryption and multifactor authentication (MFA) and does not use to computing components of a host device. When combined with the NcryptNshare secure collaboration software, files and folders can be secured with public key authentication and assigned access timers with end-to-end encryption to ensure complete data security at rest, in motion, and in use.

Adopting a new technical approach is a costly endeavor, especially when getting it wrong can result in severe reputational damage and loss of business. We’ve put together several materials to help you understand the CMMC framework and how our solutions can support you on our CMMC Certification page.