Cybersecurity in a Cybercrime-Filled World

“Don’t you drop those gloves, little girl, keep ‘em up.”

“What’d I tell you about tucking those elbows? When you give them a rib, you give them a win. I KNOW you’re not dropping those gloves.”

Boxing sessions with my grandfather always ended with Fudgesicles and Otis Redding. He was a mountain of a man who knew the balance between protecting yourself and, as Otis said, when you’ve “got to, got to, try a little tenderness.” He taught me that boxing was similar to life. That people will punch you square in your face if you let them, but you have to protect the core of who you are or else the fight is over.

I doubt he ever believed I’d be comparing this lesson to the importance of cybersecurity and Cybersecurity Maturity Model Certification (CMMC) requirements. Shockingly, estimates show that close to 600 billion dollars are lost each year to cybercrime. As a small business in the Defense Industrial Base (DIB), if that isn’t a punch in the face, I don’t know what is.

When CMMC was introduced, we recognized that good cyber hygiene was at the core of competing in this space. Tucking our elbows became a way of life at JetCo Federal, and we applied this concept not only to CMMC and its five levels, but also to our decisions on certifications such as HAZMAT, ISO 27001, and generally any compliance that adds power to our jab-jab-cross.

*Hey Google, play Hard to Handle by Otis Redding*

Complex doesn’t put us up against the ropes. Doing the right thing and staying in the fight is what matters. Our approach to CMMC and general compliance is that it’s our ribs. Losing critical information, CUI, intellectual property, etc. can drag us out of the ring with a hard enough hit.

We’ve been working with experts since NIST 800-171 and are positioned to be quite the competitor in 2021. We continue to keep our gloves up and our elbows tucked, ready for whatever fight is to come.

CMMC and the Importance of Cybersecurity

In mid-2020, the Department of Defense will begin enforcing provisions of the Cybersecurity Maturity Model Certification (CMMC) for all contractors, augmenting the NIST SP 800-171 recommendations that have been standard for governing protected information since the early 2000s. This change is already having major impacts on organizations working toward compliance. When the requirements begin appearing on contracts in June, it is expected that there will be immediate effects for the industries and companies that rely on government sales, even indirectly.

Not familiar with CMMC? Here’s a primer:

What is CMMC?

The Cybersecurity Maturity Model Certification (CMMC) is designed to combine best practices and standards from across the security industry, creating a uniform policy that reduces the risk of threats to Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) – data that is protected from public disclosure but not necessarily access-restricted by law or regulation.

How will CMMC be implemented?

The implementation of CMMC includes standards for physical system access, operations and maintenance, documentation, and digital system access. A key difference between CMMC and earlier frameworks is the certification requirement: companies can no longer self-certify their compliance. An independent third party must now audit the implementation. Subcontractors are also required to adhere to CMMC, even if they do not handle CUI directly.

Luckily for companies trying to navigate the often-muddy waters of government contracts, CMMC uses a tiered system. Not all companies need to apply the strictest standard, so there are five levels of compliance, ranging from “Basic Cyber Hygiene” to “Advanced/Progressive”.

The basic levels are designed to result in a uniform minimum level of protection, without being cost-prohibitive for most organizations. In some cases, the implementation may be eligible for reimbursement by the Department of Defense. Check for the CMMC certification required to bid in sections L & M of government RFPs.

Why cybersecurity?

According to the Council of Economic Advisers, it’s estimated that malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016. Cybersecurity is not only important for keeping federal contract information and data secure, but it’s also important for companies wanting to keep their own confidential data secure.

JetCo Federal has achieved Level 1 CMMC compliance and is working with our partners to become Level 2 certified. We have always believed in data security as a core component of managing complexity successfully, and that strong access and documentation protocols protect us as well as our customers. For our commercial clients, suppliers, and partners, this means that when we transmit, store, or manage their confidential data, it’s subject to those same restrictions and protection. For some organizations, the extra compliance might be frustrating; for JetCo Federal, it’s just another part of how we re-win our business every day.