This week on the podcast we talk Zero-Trust. What is it? How do you implement it? And why should all IT professionals work towards updating their networks to this security architecture? We’ll answer all that and more after a quick Kaseya update and a security memorandum from the White House.
Mark Rogalski says
The driving reason to become compliant with the CMMC is the requirement for contractors of the US Government to be able to take on new contracts for any job containing CUI (Controlled Unclassified Documents). So the “teeth” you keep mentioning is cold cash money. If you can’t meet or prove you are trying to meet compliance of the particular level of the CMMC, your company won’t get income.
As an IT Pro who is going through the controls, it is indeed a PITA. However, if it helps keep me employed and our business afloat, I’m for it.
P.S. It’s a “hard requirement” for all new contracts starting in 2025. To prove compliance, your policies/processes and systems need to have third-party attestation. If the job you are working on or bidding for requires compliance, it is a reimbursable cost. Currently the attestation companies are just coming online. Also, how long will it take to get the money back?
CMMC is a great idea but yes indeed it is full of grey, is a time suck, and ultimately is just a great benchmark for IT policies and processes. There are a few People policies but mostly this will be something driven and placed on the shoulders of IT pros.