The Cybersecurity Maturity Model Certification (CMMC) is an initiative by the U.S. Department of Defense (DoD) designed to assess and enhance the cybersecurity posture of all contractors and subcontractors doing business with the DoD. The CMMC is a framework that combines existing security standards—including NIST SP 800-171, NIST SP 800-53, ISO 27001, ISO 27032, AIA NAS9933—into a unified standard for defense contractor cybersecurity. This department-wide certification program serves as a verification mechanism to ensure appropriate levels of cybersecurity practices and processes are in place to protect controlled unclassified information (CUI) that resides on the department’s industry partners’ systems.
CMMC and RSA Archer
RSA Archer is a leading risk management and compliance platform that uniquely links business context, regulatory requirements, and security processes to help organizations more effectively manage risk and maintain compliance.
Specifically for CMMC, RSA Archer can support suppliers in conducting a CMMC readiness assessment, developing and documenting of security plans, managing and mitigating gaps in security posture as a result of a CMMC independent audit, and maintaining ongoing CMMC domain-level compliance. Additionally, using RSA Archer Third Party Engagement capabilities, organizations can address broader supply chain requirements of CMMC by cataloging of third- and Nth-tier support contractors and assessments.