CapitolBeatOK Staff Report
Within the next five years, the U.S. Department of Defense (DoD) will require all contractors and subcontractors to adhere to certification standards outlined in the Cybersecurity Maturity Model Certification (CMMC) framework.
Guernsey (https://guernsey.us/), an Oklahoma City-based design and consulting company, employs one of only two people in Oklahoma who have been selected to be “Provisional Assessors” and will be authorized to conduct assessments during the provisional period.
Guernsey’s own Director of Cybersecurity Consulting, Tim Fawcett, gained this certification and will be one of the first to perform these CMMC provisional assessments. This early involvement in the CMMC certification program makes Fawcett uniquely qualified to assist current and potential clients through the certification process.
“As the DoD and other agencies mandate cybersecurity regulations to their contractors for protecting controlled unclassified information, it is important to have professionals familiar with the process and regulations to help navigate the certification process,” said Fawcett.
Because of Fawcett’s certification, Guernsey is uniquely poised to help DoD contractors and subcontractors and drive the cybersecurity industry nationally as well as within Oklahoma.
“Tim’s certification as a provisional assessor is a powerful endorsement of Guernsey’s ability to protect our clients,” said Guernsey President and CEO Jared Stigge. “Guernsey's offerings continue to anticipate and exceed our clients’ needs, and with the rapid pace of cybersecurity, Tim can bring clients cost-effective and timely solutions so they can confidently provide their services to the DoD and other government agencies.”
Becoming CMMC compliant and passing a third-party assessment can be a considerable hurdle for companies. CMMC is an emerging program, and there is currently no opportunity for vendors to implement alternative practices or reduce risk in other ways. The framework also requires a great deal of documentation, including evidence that required processes are taking place. Many contractors have been preparing for this eventuality, while others have taken a wait-and-see approach. There has been criticism of the framework and calls for improvement to the approach, including everything from the cost to the lack of a risk-based approach, but it is a certainty that CMMC, in some form, will soon be a reality for organizations that contract or subcontract to the DoD.
Oklahoma’s small to mid-sized companies can learn more about current and future DoD cybersecurity requirements and take the Guernsey CMMC online self-assessment at https://ift.tt/3BrMlI5.
About Guernsey: Guernsey is a leading provider of design and consulting services. Founded in 1928, Guernsey has developed an impressive base of clients worldwide, including federal, state, and local government; military; utilities; tribal; higher education; Fortune 500 companies; and the oil and gas industry sectors. Guernsey is an employee-owned, multi-discipline firm providing innovative answers for complex projects with engineers, architects, planners, consultants, environmental scientists, designers, analysts, accountants, and project managers.
About CMMC: Cybersecurity Maturity Model Certification (CMMC) is a unifying standard for the implementation of cybersecurity across the Defense Industrial Base (DIB). The CMMC framework includes a comprehensive and scalable certification element to verify the implementation of processes and practices associated with the achievement of a cybersecurity maturity level. CMMC is designed to provide increased assurance to the Department that a DIB company can adequately protect sensitive unclassified information, accounting for information flow down to subcontractors in a multi-tier supply chain. Learn more about CMMC at https://ift.tt/3ofWdif.
Guernsey’s Tim Fawcett earns rare cyber defense certification
Click on the headline to read the full article at CapitolBeatOK