What is CMMC / NIST 800?
The Department of Defense (DoD) created the Cybersecurity Maturity Model Certification (CMMC) program in 2019; based on the cybersecurity guidelines already laid out in the National Institute of Standards and Technology's Special Publications 800 series (NIST 800 or NIST SP800).
Contractors in the Defense Industrial Base (DIB) need to be compliant with CMMC in order to win and service DoD aquisition contracts. CMMC is there to protect sensitive information involving DoD projects, the contractors themselves, and the final products against the increasing threat of cyberattack, malware, and compromise.
However, several major changes and updates to the program have made keeping full compliance difficult.
That is where experts like Ember come in, to assist contractors and subcontractors with keeping current, compliant, and secure.
With CMMC 2.0, more companies than ever will need to meet or exceed cybersecurity regulations.
CMMC requirements are now not only for Defense Contractors, but also Subcontractors, and a hasty self-assessment just isn't going to cut it anymore.
What is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted in 1996, intended to modernize the handling of healthcare information and ensure patient privacy.
Among other things, HIPAA stipulates how personally identifiable information (PII) or protected health information (PHI) needs to be handled and maintained by the healthcare and health insurance industries, in order to protect patient privacy, and guard against fraud and theft.
By now, most Americans are familiar with HIPAA's Privacy Rule, which covers how, and with whom, patient information can be shared. Less well known is HIPAA's Security Rule, which dictates how covered entities protect and secure their PHI in electronic form (e-PHI). This is where the cybersecurity component of compliance comes into play, and is arguably the more difficult portion to become compliant with.
To comply with the HIPAA Security Rule, all covered entities must:
- Ensure the confidentiality, integrity, and availability of all e-PHI
- Detect and safeguard against anticipated threats to the security of the information
- Protect against anticipated impermissible uses or disclosures that are not allowed by the rule
- Certify compliance by their workforce
The DIB is the target of increasingly frequent and complex cyberattacks by adversaries and non-state actors. Dynamically enhancing DIB cybersecurity to meet these evolving threats, and safeguarding the information that supports and enables our warfighters, is a top priority for the Department.
CMMC is a key component of the Department’s expansive DIB cybersecurity effort.
How does it work?
ASSESS
We begin by determining your Compliance Level.
EVALUATE
We evaluate your current situation and deliver a thorough Readiness Assessment.
PLAN
We prepare a System Security Plan, (SSP) and Plan of Action & Milestones (POAM) to map out your journey to compliance.
IMPLEMENT
You and your IT team implement the changes listed on your POAM.
We can suggest a qualified IT company if you don't currently have one.
Who is Ember?
Ember Technology was founded by a pair of tech industry veterans with well over twenty years of experience in the field, who wished to focus their efforts to specialize in regulatory compliance.
The Ember team has RPs, (Registered Practitioner), a Certified CMMC Professional (CCP-pending) and Provisional Instructor (PI) that are registered with the Cyber AB (formerly CMMC-AB).
Want more information?
Powered by Soteria Technology Solutions