CMMC Applies to Higher Education Institutions

CMMC Applies to Higher Education Institutions

The Cybersecurity Maturity Model Certification (CMMC) is intended to help protect the supply chain of the U.S. Department of Defense (DoD). Organizations that handle sensitive government information will be required to implement cybersecurity measures primarily defined in NIST SP 800-171.

Research universities may also fall under the purview of CMMC if they have contracts with and handle sensitive information for the DoD. All institutions and specific departments conducting research for the DoD will need to be compliant with CMMC, some possibly as soon as October 1, 2023. It’s important to note that the specific CMMC compliance steps required of a university will depend on their current level of cybersecurity maturity and the level of compliance they need to achieve.

Before universities undergo an assessment by a certified third-party assessor (C3PAO), it is important for them to engage with a CMMC Registered Provider Organization (RPO) to identify cybersecurity gaps in their environment and plan for implementation of required controls.  Additionally, the RPO may also help with implementing new technologies, policies, procedures, and training staff/stakeholders on cybersecurity best practices.

RPOs are the primary resource for universities looking to become CMMC compliant. RPOs can help universities to stay current with the latest developments and best practices in the field of cybersecurity, which is an important consideration in the rapidly-evolving world of CMMC compliance.

Tego Advisory Services can help you.  We are a CMMC Registered Practitioner Organization (RPO) and can assist you with the protection of Federal Contract Information and Controlled Unclassified Information (FCI/CUI) in your research environment. For more information, contact us today.

About the author
Jennifer Vosburgh is a seasoned Marketing and Communications professional. With over 15 years of experience, she has a strong background in Marketing, Communications, and Event Management. As Vice President of Tego Data Systems in Raleigh, NC, Jennifer is responsible for delivering full-scale Marketing Campaigns across all platforms including website, email, social media, events, and more.

By using this website you agree to our updated Conditions of Use and consent to the collection and use of your personal information as described in our updated Privacy Notice, which includes the categories of data we collect and information about your preferences and rights.