Maintenance mode

The Risk Management-ISAO website is currently undergoing
scheduled maintenance

Subscribe to our newsletter for more updates

News

  1. Home
  2. Cybersecurity
Why CMMC?
February 14, 2021
by Tara Lemieux0 comments

Why CMMC?

The theft of intellectual property and sensitive data from our defense industrial base has resulted in devastating impacts to our economy and national security with total remediation estimates anticipated to reach $128 billion USD by end of 2020.

Though no industry is untouched by the impacts of such attacks, our Defense Industrial Base continues to be a prime target for exploitation by our overseas adversaries.

According to a report published by Statista (Published by J. Clement, Aug 27, 2020):

 “With the increasing use of digital files and reliance on digital data by many corporations, data breaches have become fairly common in the last decade or so. For example, the number of data breaches in the U.S. increased from 157 million in 2005 to 1.47 billion in 2019, while the number of exposed records jumped from around 67 million to 164.7 million during the same time frame. “

Sadly, data breaches occur on a nearly daily basis within the United States, attacks that are successful in exfiltrating and exposing our Personally Identifiable Information (PII), email addresses, passwords, credit card numbers, social security numbers and other highly sensitive data. Within the DoD, these data breaches have a primary focus: exposing highly sensitive personnel records, technical data, and other exchanges that can be leveraged by our foreign adversaries placing the lives of government personnel and US Service members at increased risk.

As such, it is no longer enough to stand ready and vigilant. Rather, our vigilance must be guided by measures that are commensurate to the data we are tasked to protect. We must engage proactive strategy and measures for anticipating, mitigating and potentially halting these attacks.

So, why the CMMC?

The CMMC is not only intended to provide the means by which organizations may enhance their security fortifications, it integrates additional practices and measures that help to ensure that these controls can be sustained. Moreover, a rigorous assessment methodology provides additional assurance that the organization can competently represent its duties under the new requirements set in place by the DoD. It likewise establishes an infrastructure through the establishment of an independent accreditation body (the CMMC-AB) and supporting certified entities who will guide implementation while assuring accountability throughout all aspects of the reporting and credentialing process.

Add a Comment

Your email address will not be published.