- Why Sharetru?
- Resource Hub
When the Department of Defense initially announced version 2.0 of its Cybersecurity Maturity Model Certification (CMMC), it was meant to be good news for small and mid-sized businesses and contractors that work with the United States Military. CMMC 1.0 put a heavy burden on these smaller organizations to create systems and manage controls that they simply didn’t have the in-house resources to create and manage.
But planning for the CMMC 2.0 model brings to light just how challenging compliance remains for small- and mid-sized organizations. While CMMC version 2.0 has been framed as less of a burden for smaller businesses and contractors, there’s still a lot of work to be done to reach full compliance.
More than 300,000 contractors make up the Defense Industrial Base (DIB). The vast majority of these contractors are small- and mid-sized businesses that “do not work on sensitive programs,” though they still need to comply with certain cybersecurity regulations. The CMMC 2.0 changes were designed to better support these small- and mid-sized contractors in the following ways:
DoD SAFE’s launch represented 2 significant improvements for users:
Significant cybersecurity breaches in the 2010s inspired the Department of Defense to enhance cybersecurity measures and compliance regulations for contractors. CMMC 1.0 placed a heavy burden on small- and mid-sized contractors that the CMMC 2.0 framework is meant to reduce and streamline. This much is evidenced by comments in a related press release:
“By establishing a more collaborative relationship with industry, these updates will support businesses in adopting the practices they need to thwart cyber threats while minimizing barriers to compliance with DoD requirements,” said Jesse Salazar, the deputy assistant secretary of defense for industrial policy at the DoD.
Still, there remain challenges for smaller organizations that thrive on contracts with the U.S. Military.
While the CMMC 2.0 updates do lessen the compliance burden on smaller organizations, that doesn’t mean they can sit back and relax. There remain serious compliance standards to meet if you want to do business with the U.S. Military, and not all small- and mid-sized contractors have the in-house resources to create and implement their own compliant systems, processes, and workflows. For example, all contractors will experience challenges related to:
Reading the points above may feel overwhelming to a small- or mid-sized contractor that wants to work with the U.S. Military. But there are technology partners you can work with to simplify compliance with CMMC 2.0, which would free you and your team to focus on securing new contracts and providing outstanding service.
Small- and mid-sized contractors need to secure CUI away from their processing environments. At FTP Today, we simplify the tasks of securely storing and transferring CUI, which helps you with compliance and frees your time to focus on other important initiatives.
Simply using FTP Today helps your organization fully meet 15 CMMC 2.0 controls, as well as providing the tools to meet 25 additional CMMC 2.0 controls (with minimal effort by the contractor). Using FTP Today for your secure file transfer and file sharing practically eliminates the compliance burden as it relates to sharing files inside and outside of your organization, which allows you to focus on high-value tasks for your business.
You don’t need to build your own file sharing system from the ground up. And you don’t need to increase headcount to reach compliance. Don’t let the cost of CMMC 2.0 compliance place a drag on your business. Let FTP Today be a strategic partner that empowers affordable file sharing compliance and helps your organization grow.
With a signed non-disclosure agreement, FTP Today can provide you full details on how CMMC 2.0 crosswalks to CMMC 1.0 and NIST 800-171, as well as who is responsible for each control. Get in touch with us to learn more about CMMC 2.0 and how FTP Today simplifies compliance.
Arvind is Director of Compliance and Programs at Sharetru. He came to Sharetru with 11+ years of experience in offering cloud solutions to the Federal Government and public sector channels at companies such at Rackspace, IBM, UNICOM, A10 and Radware Alteon. He is based in the Washington, D.C. area.
Get industry-leading thought leadership content to stay informed, delivered to your inbox.