The Cybersecurity Maturity Model Certification (CMMC) is intended to help protect the supply chain of the U.S. Department of Defense (DoD). Organizations that handle sensitive government information will be required to implement cybersecurity measures primarily defined in NIST SP 800-171.
Research universities may also fall under the purview of CMMC if they have contracts with and handle sensitive information for the DoD. All institutions and specific departments conducting research for the DoD will need to be compliant with CMMC, some possibly as soon as October 1, 2023. It’s important to note that the specific CMMC compliance steps required of a university will depend on their current level of cybersecurity maturity and the level of compliance they need to achieve.
Before universities undergo an assessment by a certified third-party assessor (C3PAO), it is important for them to engage with a CMMC Registered Provider Organization (RPO) to identify cybersecurity gaps in their environment and plan for implementation of required controls. The RPO may also help with implementing new technologies, policies, and procedures, and with training staff and stakeholders on cybersecurity best practices.
RPOs are the primary resource for universities looking to become CMMC compliant. RPOs can help universities to stay current with the latest developments and best practices in the field of cybersecurity, which is an important consideration in the rapidly evolving world of CMMC compliance.
Tego Advisory Services can help you. We are a CMMC Registered Provider Organization (RPO) and can assist you with the protection of Federal Contract Information and Controlled Unclassified Information (FCI/CUI) in your research environment. For more information, contact us today.