ReadyCert CMMC comes fully equipped with every tool and framework you need for the level of maturity your enterprise is targeting, including NIST 800-171. Unlike other cybersecurity programs, CMMC focuses on the data, not hardware or software. CMMC will measure cybersecurity maturity with five levels and align a set of processes and practices with the type and sensitivity of the data to be protected and the associated range of threats. These are the frameworks used to create the CMMC requirements framework.
Covered contractor information system means an information system that is owned or operated by a contractor that processes, stores, or transmits federal contract information not intended for public release, that is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government, but not including information provided by the Government to the public (such as on public websites) or simple transactional information, such as necessary to process payments.
NIST SP 800-171 Rev 1: Protecting Controlled Unclassified Information in Nonfederal Systems (Projected withdrawal February 21, 2021)
The purpose is to provide federal agencies with recommended security requirements for protecting the confidentiality of CUI when the CUI is resident in a nonfederal system and organization; when the nonfederal organization is not collecting or maintaining information on behalf of a federal agency or using or operating a system on behalf of an agency; and where there are no specific safeguarding requirements for protecting the confidentiality of CUI prescribed by the authorizing law, regulation, or governmentwide policy for the CUI category or subcategory listed in the CUI Registry.
Draft NIST SP 800-171B: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations: Enhanced Security Requirements for Critical Programs and High Value Assets
Draft NIST SP 800-171B was developed in the spring of 2019 as a supplement to NIST SP 800-171. The draft includes additional recommendations for protecting CUI in nonfederal systems and organizations where that information runs a higher than usual risk of exposure. When CUI is part of a critical program or a high value asset (HVA), it can become a significant target for high-end, sophisticated adversaries (i.e., the advanced persistent threat (APT)).
CIS Controls v7.1 1.4
The CIS Controls are internationally-recognized cybersecurity best practices for defense against common threats. They are a consensus-developed resource that brings together expert insight about cyber threats, business technology, and security. The CIS Controls are used by organizations with varying resources and risk exposure to build an effective cyber defense program.
The Center for Internet Security (CIS) developed the Critical Security Controls for Effective Cyber Defense. The 20 controls are based on the latest information about common attacks and reflect the combined knowledge of commercial forensics experts, individual penetration testers and contributors from U.S. government agencies.
NIST CSF v1.1: Framework for Improving Critical Infrastructure Cybersecurity (Framework)
Recognizing that the national and economic security of the United States depends on the reliable function of critical infrastructure, the President issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, in February 2013. The Order directed NIST to work with stakeholders to develop a voluntary framework, based on existing standards, guidelines, and practices, for reducing cyber risks to critical infrastructure.
CERT RMM v1.2: CERT Resilience Management Model
CERT-RMM, the foundation for a process improvement approach to operational resilience management, defines the essential organizational practices that are necessary to manage operational resilience.
NIST SP 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations
A catalog of security and privacy controls for federal information systems and organizations and a process for selecting controls to protect organizational operations (including mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation from a diverse set of threats including hostile cyber-attacks, natural disasters, structural failures, and human errors (both intentional and unintentional).
AU ACSC Essential Eight: Essential Eight Maturity Model
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has developed prioritized mitigation strategies, in the form of the Strategies to Mitigate Cyber Security Incidents, to help organizations mitigate cyber security incidents caused by various cyber threats. The most effective of these are known as the Essential Eight.
UK NCSC Cyber Essentials: National Cyber Security Centre
Cyber Essentials is a UK government information assurance scheme operated by the National Cyber Security Centre (NCSC) that encourages organizations to adopt good practice in information security.
FedRAMP: The Federal Risk and Authorization Management Program
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP uses the NIST SP 800-53 security controls. FedRAMP requirements include additional controls above the standard NIST baseline controls in NIST SP 800-53 Revision 4. These additional controls address the unique elements of cloud computing to ensure all federal data is secure in cloud environments.
ReadyCert is the Software as a Service (SaaS) answer to Compliance! Take the tour with one of our subject matter experts, on your own or with your entire team. You'll learn how ReadyCert will save your team time and effort when performing compliance work by automating mundane tasks and streamlining reporting across projects, enterprises and frameworks. Our team will show you how ReadyCert improves consistency and eliminates duplicate work scenarios, how it tracks vendor information and how controls are mapped to your enterprise's business areas.
Fill out this form and/or give us a call! +1.850.201.7146