Are you prepared for upcoming compliance requirements?
Depending on your industry, you may soon face a new business challenge: being ready to undergo and pass a mandatory IT security audit. Until recently, most small and mid-sized businesses – unless they are in health care or finance – haven’t needed to worry about compliance. But now, if you are in the defense industry, or if you are a supplier to other highly regulated or security-sensitive industries, passing a compliance audit will increasingly be a requirement to do business.
- The DoD will soon require that all suppliers in the defense supply chain pass an audit of their compliance with CMMC (Cybersecurity Maturity Model Certification) security practices.
- Other large companies are increasingly requesting or requiring compliance, often based on the NIST Cybersecurity Framework.
The good news is that compliance is not just a bureaucratic hurdle. If properly implemented, most of the requirements are also in the best interests of the business, helping protect it against the growing array of cybersecurity threats. But achieving compliance is still a time-consuming task that can be a major drain on management attention, and navigating the process to implement and document the controls and processes in the right way to ace an audit is challenging, especially if you are not an IT expert.
PCG can help by providing you with a Compliance Assessment, and, following the assessment, by helping you implement and document the required security controls and training your team on the associated procedures. The Compliance Assessment is an essential tool to help position your business to compete successfully and safely.
Here is what you get when you choose a compliance assessment from PCG:
- Review of Your IT System – We will assess your IT environment to determine the technical and business challenges in achieving your compliance goals.
- Vulnerability Scan – We will run scans that examine your IT infrastructure to detect potential technical vulnerabilities that impact compliance.
- Compliance Evaluation – We will audit your compliance with the specific controls specified in the target compliance framework(s).
- Remediation Recommendations – We will set out prioritized recommendations to address compliance shortfalls, and to implement appropriate policies and tools.
The results of our assessment will be documented in a customized report. We will detail and score your current compliance, including current practices that are incompletely documented. We will also provide you with a roadmap and budget to guide you through the process of remediating your risks.
Below, Roger Walton discusses the issues of compliance in relation to doing a risk assessment for a company.
What Compliance Needs Do PCG Assessments Address?
This year, much of our compliance activity is focused on the DoD’s Cybersecurity Maturity Model Certification (CMMC), which is described in more detail below. Other common targets for IT compliance are the NIST Cybersecurity Framework and NIST 800-171.
Other popular compliance standards where we can help are:
- NIST 800-53 for Federal compliance
- HIPAA and HITECH for the medical industry
- PCI for businesses processing credit card payments
- ITAR and DFARS, also for the defense industry
- State privacy regulations
- GDPR, for EU data protection and privacy
- GLBA for the financial industry
What is the CMMC?
The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity across the defense industrial base (DIB), which includes over 300,000 companies in the supply chain. The CMMC is the DoD’s response to significant compromises of sensitive defense information located on contractors’ information systems.
The US Department of Defense (DoD) released the much-anticipated Cybersecurity Maturity Model Certification (CMMC) version 1.02 on December 20th 2020.
Previously, contractors were responsible for implementing, monitoring and certifying the security of their information technology systems and any sensitive DoD information stored on or transmitted by those systems. Contractors remain responsible for implementing critical cybersecurity requirements, but the CMMC changes this paradigm by requiring third-party assessments of contractors’ compliance with certain mandatory practices, procedures and capabilities that can adapt to new and evolving cyber threats from adversaries.
The Office of the Under Secretary of Defense for Acquisition & Sustainment maintains a CMMC FAQ where contractors can keep up to date on the certification process.
The CMMC Framework
The CMMC establishes five certification levels that reflect the maturity and reliability of a company’s cybersecurity infrastructure to safeguard sensitive government information on contractors’ information systems. The five levels are tiered and build upon each other’s technical requirements. Each level requires compliance with the lower-level requirements and institutionalization of additional processes to implement specific cybersecurity-based practices.
Benefits of a PCG Cybersecurity Risk Assessment
There are many benefits of a PCG risk assessment, including but not limited to:
- Qualify to bid for work. Compliance is increasingly a prerequisite to qualify for contracts.
- Keep your business running. A cyber attack can bring your business to a halt, and some never recover. Becoming compliant will help you avoid one.
- Privacy for your employees and partners. Your team and your customers depend on you as a trusted custodian of their confidential information.
- Protect your reputation. When your data gets leaked, people find out.
- Build a plan of action. Compliance takes time, not just money. Prioritize your time investments.
- Identify your vulnerabilities. If a bad actor wants to attack you, where would they start?
- Comply with legal requirements. Failing to protect private information doesn’t just harm your reputation, it may put you in legal jeopardy too.
- Help with jargon and acronyms. IT security is laced with technical terminology that makes it hard for non-specialists to navigate. We can help.
- Reduce cyber insurance premiums. Every business should carry insurance. Becoming compliant may help you qualify for lower premiums.
Why Choose PCG IT?
You need a security partner with a deep knowledge of IT technologies, but also with an understanding of the realities of running a business like yours. At PCG IT, we take pride in offering a wide variety of cybersecurity solutions for businesses. Our team has the skills and competencies to keep you safe, while clearly communicating the threats and risks you face.
PCG has the expertise needed for IT planning and budgeting and security risk minimization and can adapt and change as IT requirements do.
Contact PCG IT for More Information
Ensure your data and IT infrastructure are protected and managed efficiently with the help of an experienced Managed IT Services Provider. At PCG IT, we strive to give our customers predictable outcomes, including cost and security. Contact us today for more information at (603) 431-4121.