What is CMMC?
The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity across the defense industrial base (DIB). It was developed by the Department of Defense (DoD) to ensure that defense contractors and subcontractors adequately protect sensitive unclassified information, specifically Controlled Unclassified Information (CUI) and Federal Contract Information (FCI).
Who Does CMMC Apply To?
CMMC applies to all DoD contractors and subcontractors, regardless of size, that handle FCI or CUI. This includes:
- Prime Contractors: Companies directly contracted by the DoD.
- Subcontractors: Companies that work with prime contractors and handle DoD data.
- Any organization in the DoD supply chain: This broad reach ensures that all levels of the supply chain are maintaining appropriate cybersecurity hygiene to protect national security information.
How does Huntress impact my scope?
Huntress can assist with the controls that must be implemented to protect your systems and your clients' systems. Huntress will be protecting CUI but, with Sensitive Data Mode enabled, will not access, process, or store that CUI. This classifies Huntress as a Security Protection Asset.
Sensitive Data Mode
When managing cybersecurity in a CMMC-compliant environment, certain capabilities are required for handling files containing CUI during threat detections. For example, retrieving files for malware investigations could unwittingly expose sensitive information.
Recognizing this challenge, Huntress built our new Sensitive Data Mode, a configuration designed to strike the perfect balance between effective threat investigation and compliance requirements.
How is Huntress preparing to assist with my CMMC requirements?
Huntress has partnered with DEFCERT to evaluate our Shared Responsibility Matrix and assist with assessment readiness material for our customers.
DEFCERT has led DFARS and CMMC compliance transformation projects for over 150 manufacturers in the Defense Industrial Base and specializes in designing CMMC implementation plans for small and medium-sized manufacturers who utilize third-party IT service providers.
What Documentation Is Available to Support My or My Client’s Audits?
Here is some documentation we currently provide in the Huntress Hub that we would suggest viewing:
- A 'Start Here' Guide
- Shared Responsibility Matrix
- Operations Plan
- Security Operations Approvals
- Security Controls Assessment: Detection and Response
- Logged Events Review
- Interconnection Security Agreement
- Incident Handling Checking
- Baseline Configuration: Organization
- Baseline Configuration: Account Level
- DoD Log Parameters