CHAPTER 4: CMMC IMPLEMENTATION

The whole point of the CMMC process goes back to the original requirement of DFARS 52.204-7012 – to provide ‘adequate security’.

But what is adequate security? In the past, the legislation would have defined a fixed set of controls as adequate security. This has changed. The test of adequate security is now a risk-based standard, in line with most modern cybersecurity legislation around the world. It is similar to the EU’s General Data Protection Regulation (GDPR) Article 32, which requires anyone who processes the information of EU residents to “implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.”[30]

About 20 US states have similar requirements. ...
