InterConnect Wiring Obtains Coveted 110 Score!
If you will recall, in our last blog post, “Navigating the Cybersecurity Compliance Journey, Part 1”, I explained NIST SP 800-171 and Controlled Unclassified Information (CUI) and laid out the steps I recommend for achieving NIST SP 800-171 compliance. Those steps are:
- Gap Analysis
- Develop a System Security Plan (SSP)
- Implement Security Controls
- Conduct a Self-Assessment
- Continuous Monitoring and Improvement
If you missed it, be sure to read Part 1 first.
In Part 2 of Navigating the Cybersecurity Compliance Journey, I will cover understanding scoring and moving to CMMC 2.0.
Understanding Scoring and Trying to Explain It
One thing that confuses a lot of organizations on the way to CMMC is that the NIST SP 800-171 score (and the CMMC 2.0 Level 2 score, which uses the same method) is not a simple count on a 0-to-110 scale. There are 110 requirements, so the number you fully meet can run from 0 to 110, but the DoD Assessment Methodology weights them: each requirement is worth 1, 3 or 5 points depending on how much its absence exposes CUI. You start at the perfect score of 110 and subtract the weight of every requirement you have not fully implemented, so an Organization Seeking Certification (OSC) that meets none of them ends at -203, not at 0. Two requirements can earn partial credit: multifactor authentication (3.5.3) costs 3 points instead of 5 if it is in place for remote and privileged access but not for general users, and cryptography (3.13.11) costs 3 instead of 5 if encryption is used but is not FIPS-validated. The System Security Plan requirement (3.12.4) carries no points at all; without an SSP, no score can be assigned. So a score of 110 means every scored requirement was fully met, not that 110 controls were “passed” at one point apiece. I hope I’ve explained that well.
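To make the weighting concrete, here is the scoring rule in Python. This is an added example written for this post; it is not InterConnect Wiring’s GRC product or any DoD tool. The requirement weights are a constructed subset meant to match Annex A of the DoD Assessment Methodology, so treat them as assumptions and check each value against the methodology before relying on it.

```python
"""Weighted NIST SP 800-171 scoring (DoD Assessment Methodology style).

Added example for this post, not code from InterConnect Wiring or the DoD.
WEIGHTS is a constructed subset; verify every value against Annex A.
"""
from dataclasses import dataclass
from typing import Dict, Optional

MAX_SCORE = 110   # every scored requirement fully implemented
MIN_SCORE = -203  # published floor: every scored requirement unmet

# Constructed subset of requirement weights (id -> points deducted if not met).
WEIGHTS: Dict[str, int] = {
    "3.1.1": 5,    # limit system access to authorized users
    "3.1.2": 5,    # limit access to permitted transactions and functions
    "3.1.3": 1,    # control the flow of CUI
    "3.1.5": 3,    # least privilege
    "3.3.3": 1,    # review and update logged events
    "3.5.3": 5,    # multifactor authentication (3 if partial)
    "3.13.11": 5,  # FIPS-validated cryptography (3 if partial)
}
# Only these two requirements have a reduced "partial" deduction.
PARTIAL_CREDIT: Dict[str, int] = {"3.5.3": 3, "3.13.11": 3}
# The SSP requirement is a precondition for being scored, not a point value.
UNSCORED = {"3.12.4"}

MET, PARTIAL, NOT_MET = "met", "partial", "not_met"


@dataclass
class Assessment:
    has_ssp: bool
    status: Dict[str, str]  # requirement id -> MET | PARTIAL | NOT_MET


def compute_score(a: Assessment) -> Optional[int]:
    """Start at 110 and subtract the weight of each unmet requirement.

    Returns None when there is no SSP, because no score can be assigned.
    """
    if not a.has_ssp:
        return None
    total = MAX_SCORE
    for req, state in a.status.items():
        if req in UNSCORED or state == MET:
            continue
        if state == PARTIAL:
            if req not in PARTIAL_CREDIT:
                raise ValueError(f"{req} has no partial-credit rule")
            total -= PARTIAL_CREDIT[req]
        elif state == NOT_MET:
            total -= WEIGHTS[req]
        else:
            raise ValueError(f"unknown status {state!r} for {req}")
    return total


def count_fully_met(a: Assessment) -> int:
    """How many scored requirements are fully implemented (the 0..110 count)."""
    return sum(1 for req, s in a.status.items()
               if req not in UNSCORED and s == MET)


def is_valid_score(score: int) -> bool:
    return MIN_SCORE <= score <= MAX_SCORE


def constructed_example() -> Assessment:
    """Constructed status: one 5-point miss plus two partial credits."""
    return Assessment(has_ssp=True, status={
        "3.1.1": NOT_MET, "3.1.2": MET, "3.1.3": MET, "3.1.5": MET,
        "3.3.3": MET, "3.5.3": PARTIAL, "3.13.11": PARTIAL, "3.12.4": MET,
    })


if __name__ == "__main__":
    a = constructed_example()
    print("fully met:", count_fully_met(a), "of", len(WEIGHTS))  # 4 of 7
    print("score:", compute_score(a))                             # 110 - 5 - 3 - 3 = 99
```

Notice that the example meets only four of seven scored requirements yet scores 99, because the two partial-credit items cost 3 points each and the one outright miss costs 5; missing three 1-point requirements instead would cost just 3 in total. That gap between “controls met” and “score” is exactly why a 110 should be read as “nothing deducted”.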
Moving to CMMC 2.0
The CMMC 2.0 framework builds on NIST SP 800-171 by introducing a tiered model with three levels of cybersecurity maturity. It aims to strengthen the protection of CUI and Federal Contract Information (FCI) across the Defense Industrial Base (DIB). CMMC is where NIST SP 800-171 compliance is headed. Note that CMMC is not in effect yet: the United States Department of Defense (DoD) is targeting Q1 of 2025 to start putting CMMC requirements into contracts. Until then, no member of the DIB can truthfully say it is CMMC certified, because CMMC certification does not exist yet. Currently we are under NIST SP 800-171, Revision 2 (the version the DoD has pinned for DFARS and CMMC purposes, not the newer Revision 3), and will remain so until the DoD changes this.
Steps to Achieve CMMC 2.0 Compliance
- Determine Your Required CMMC Level:
- Identify the CMMC level required for your contracts. The levels are Level 1 (Foundational, for FCI), Level 2 (Advanced, for CUI; the 110 NIST SP 800-171 requirements) and Level 3 (Expert, Level 2 plus selected NIST SP 800-172 requirements).
- Map NIST SP 800-171 Controls to CMMC Requirements:
- Align your existing NIST SP 800-171 controls with the corresponding CMMC practices and processes.
- Identify any additional requirements specific to your CMMC level.
- Prepare for Assessment:
- Engage a CMMC Third-Party Assessment Organization (C3PAO) to conduct an official assessment where one is required. Level 1, and some Level 2 contracts, only call for an annual self-assessment; most Level 2 contracts involving CUI require a C3PAO assessment; Level 3 is assessed by the DoD itself (DCMA DIBCAC).
- Ensure all documentation, including your SSP and Plan of Action and Milestones (POA&M), is up-to-date and comprehensive. Be aware that CMMC limits what may remain on a POA&M at assessment time and requires those items to be closed out within 180 days, so a POA&M is a short-term bridge, not a place to park hard requirements.
- Undergo the CMMC Assessment:
- The C3PAO will evaluate your compliance with the required CMMC level.
- Address any findings or deficiencies identified during the assessment.
- Maintain Certification:
- Once certified, maintain your CMMC compliance through continuous monitoring and regular updates to your cybersecurity practices.
- Prepare for periodic reassessments to retain your certification.
For InterConnect Wiring, our GRC product has the CMMC 2.0 controls built in and let us map them to their corresponding NIST SP 800-171 controls. So, as we met our NIST requirements we were preparing ourselves to meet the same CMMC requirements. This was a nice thing that version 2 of CMMC did: it made the CMMC Level 2 requirements the same 110 requirements as NIST SP 800-171, in number and in content. Version 1 of CMMC had more practices (its Level 3 had 130, plus process-maturity requirements) that did not line up with NIST, and the DoD realized it would be much easier to help the DIB get this done if the controls matched. Good call, DoD.
We found a consulting firm that helped us with some of the more challenging pieces to implement. We simply didn’t have all the software tools or staff to provide all the services and functions required to meet the control requirements. We outsourced some services and purchased some software through them, and they became our Managed Security Services Provider (MSSP). Compliance support was one of the services our MSSP offered, including helping us make sure our policies and procedures were adequate and that our SSP explained what we actually do to be compliant. Keep in mind that outsourcing a function does not outsource the responsibility: the OSC still answers for the control, and the SSP has to describe what the provider does on your behalf.
Conclusion
I am pleased to announce that InterConnect Wiring has officially reached the highest score possible, 110, meaning every scored NIST SP 800-171 requirement is fully implemented with nothing deducted. Achieving compliance with NIST SP 800-171 and transitioning to CMMC 2.0 is a critical journey for U.S. defense contractors. By following these steps, you can ensure your organization is well-prepared to protect sensitive unclassified information and meet the stringent requirements of the DoD. InterConnect Wiring is in a much better place now with regard to cybersecurity: staying proactive, staying compliant, and contributing to a more secure defense industrial base.
I hope this has been a help to you as you strive to fully understand the cybersecurity compliance requirements within the DIB.
About the author: Doug Symes, InterConnect Wiring, IT Manager
With a keen eye for cybersecurity and a passion for innovation, Doug Symes leads the Information Technology (IT) department at InterConnect Wiring. His expertise in navigating the complexities of the Cybersecurity Maturity Model Certification (CMMC) has positioned InterConnect as a forward-thinking contractor, able to meet the stringent requirements of the Department of Defense. Doug’s strategic approach to IT management ensures that InterConnect remains at the forefront of technological advancements, providing exceptional service and support. Over the 15 plus years at InterConnect, Doug’s commitment to excellence is evident in his proactive stance on cybersecurity, ensuring that all systems are robust and resilient against potential threats. His leadership is instrumental in fostering a culture of continuous improvement and adaptability within the IT team.
Doug has been married to his wife Kara for 22 years and has four sons. Doug earned a bachelor’s degree from Wichita State University and a Master of Divinity from Southwest Baptist Theological Seminary here in Fort Worth. Doug was born in Huntsville, Alabama while his father was working with Boeing and NASA there on a joint space project. The family moved back to Wichita, Kansas, where Doug was raised. Doug is no stranger to aerospace: his grandmother riveted bombers during WWII, and direct family members worked for Boeing, Cessna, Beechcraft and LearJet.