Joe Coleman earns additional CYBER AB Cybersecurity Maturity Model Certification

Joe Coleman, Cyber Security Officer at Bluestreak Consulting, recently achieved his second CYBER AB CMMC Certification, obtaining the status of Registered Practitioner Advanced (RPA). Part of being an RPA is the ability to implement all CMMC requirements for businesses to be audit-ready. CMMC is a U.S. Department of Defense (DoD) program that applies to Defense Industrial Base (DIB) contractors. It is a unifying standard and new certification model to ensure DoD contractors properly protect sensitive information. Compliance with NIST SP 800-171 is a prerequisite.

CMMC reports the U.S. economy loses an estimated $57-109 billion to malicious cyber activity every year. To mitigate vendor-focused cyberattacks, all Department of Defense (DOD) contractors by 2025 will be required to be CMMC certified and will need a certified third-party assessment organization (C3PAO) to grant certification. Any contractor and subcontractor working with government organizations or Primes are required to safeguard Controlled Unclassified Information (CUI) in their possession, and to protect any IT systems that process, store, or transmit CUI with the minimum of Level 2 certification. The DoD plans on maintaining a supplier database that contracting officers will review prior to awarding contracts.

What is CUI?
Controlled Unclassified Information was created after 9/11 via a presidential memorandum signed by President Bush. It was updated in 2011 by President Obama under Executive Order 13556. CUI is not classified information or corporate intellectual property unless created for or included in requirements related to a government, DoD, or NASA contract.

“Achieving and maintaining NIST 800-171 & CMMC compliance is an extensive and often confusing process,” says Coleman. “The urgency for compliance increases every day and many don’t realize that becoming NIST 800-171 compliant can take from between 6 to 12 months. CMMC Level 2 Certification can take from between 9 to 18 months. These timeframes all depend on your current cybersecurity situation.”

To achieve NIST 800-171 compliance, it's crucial to understand the process and the necessary steps. For guidance and comprehensive information, reach out to Joe Coleman or call 513-900-7934. Alternatively, visit Bluestreak Consulting for a free consultation with your team and to receive a copy of our eBook, which is packed with essential details about this topic.