MISI's CMMC Pilot Program
Securing The Defense Industrial Base and Beyond
The Defense Industrial Base (DIB) has more than 340,000 suppliers. These suppliers consist of large and small to medium sized businesses. The Department of Defense (DoD) and other government organizations are and will soon mandate compliance with the Cybersecurity Maturity Model Certification (CMMC). Increasing the cyber resilience of the supply chain which includes over a million companies in addition to the DIB is a substantial challenge but an important one. Nation state and other cyber actors are in constant pursuit of our nation's most vital intellectual property and innovations. In addition cyber attacks aimed at the supply chain can weaken or impede our nation's readiness and ability to produce the products and services our nation relies on to defend itself not only against enemies but also the products that can ensure the health of our nation. Today, medical solutions that are needed to combat the biological threat such as the COVID-19 pandemic of 2020 is a critical part of the demand on the nation's supply chain.
The CMMC is about reducing the risk to the nation and its supply chain and increasing the cyber resilience and in turn the reliability of our nation's vital resources.
About MISI's Major Role in Supporting CMMC and Existing Cybersecurity Policy
MISI is working directly with the Department of Defense Office of Small Business Programs OSBP and in partnership with US Cyber Command on accelerating the preparedness of small and medium sized businesses for CMMC compliance through our Project Spectrum CMMC Compliance Readiness program. This a unique partnership that leverages the cybersecurity expertise of not only US Cyber Command personnel but also of the MISI run and operated DreamPort mission accelerator facility. DreamPort is globally recognized leader in cyber mission acceleration made of lab space, collaboration and event space housed in 40,000 square feet. The DreamPort program and facility joins all of the cyber related disciplines under one roof to include artificial intelligence, cyber policy, cyber malware research, workforce training, rapid prototyping and the test and evaluation of tools and techniques and much more. The DoD sponsored pilot is called Project Spectrum.
MISI has been asked to go beyond the IT realm and ensure that we prioritize solutions and best practices for supply chain manufacturers, MISI has developed substantial relationships with the leaders in manufacturing cyber threat detection and mitigation. MISI leverages our test virtual and factory equipment and cyber range to test the efficacy of cyber solutions that can accelerate cyber compliance in a cost effective manner for manufacturers who in addition to IT have IIoT and OT technology that are high value targets for compromise.
In addition MISI has developed a set of unique approaches to tackling the cybersecurity compliance and knowledge gap. Our conferences and virtual events are leading the way in connecting industry with knowledge and solutions information across the country. In addition our DreamPort team is a collection of some of the top cybersecurity practitioners in the nation. If you are going to defend the supply chain from hackers, its best to develop and test solutions using experienced ethical hackers as part of the process.
MISI utilizes its knowledge of DoD and other cybersecurity mandates that include CMMC, CUI, DFARS 252.204-7012, NIST SP 800-171, the NIST Cybersecure Framework, and NIST SP 800-53. These requirements provided manufacturers with the opportunity to self-assess and improve their cybersecurity posture within their organization.
However, the self-assessment process is challenging as a verification mechanism and is difficult to enforce to validate their efforts. In order to verify manufacturers are implementing these requirements, the DoD announced in mid-2019 a new cybersecurity compliance requirement (Cybersecurity Maturity Model Certification, aka the CMMC) that will make it mandatory and implement a third party assessment requirement of DoD suppliers.