Page 191 - Cyber Defense eMagazine Annual RSA Edition for 2024
Both CMMC and NIST SP 800-171 can be used to assess your company's cybersecurity posture. Each
framework has its strengths and weaknesses, but DFARS 252.204-7012 mandates that you are NIST
SP 800-171 compliant (the deadline for this was December 2017), and DFARS 252.204-7021 mandates
that you become CMMC Certified if you handle CUI in any way.
Both frameworks are good for assessing maturity in five key areas:
• governance
• risk management
• incident response
• data protection (including privacy)
• technology assurance (which includes risk assessment)
Incorporating either or both of these frameworks into your organization's cybersecurity enhancement
strategy ensures proactive adaptation to evolving threats. Continuous improvement based on these
frameworks not only fortifies your cybersecurity posture but also ensures compliance with evolving
regulatory standards.
Conclusion
This comparison highlights the distinct characteristics and approaches of CMMC 2.0 and NIST SP 800-171,
underscoring the importance of understanding their differences for organizations seeking to enhance
their cybersecurity posture.
About the Author
Joe Coleman is the Cyber Security Officer for Bluestreak Consulting™, a division
of Throughput | Bluestreak | Bright AM™. Joe is a Certified CMMC-RPA
(Registered Practitioner Advanced). Joe has over 35 years of diverse
manufacturing and engineering experience. His background includes extensive
training in cybersecurity, DFARS, NIST SP 800-171, and CMMC, a career as a
machinist, machining manager, early additive manufacturing (AM) pioneer, and
production control/quality management software implementer/instructor.
You can contact Joe Coleman at [email protected] or 513-900-7934 for any questions and a free
consultation, with a complimentary detailed compliance eBook. Also, see https://go-bluestreak.com