Past webinar

CMMC for EMS: Preparing for Audit Success

Guest Speaker: Jemurai

CMMC (Cybersecurity Maturity Model Certification) is a new security standard designed to ensure that the appropriate security measures are in place. In this webinar, special guest Matt Konda, CEO of Jemurai and securityprogram.io, joins Chintan Sutaria, President of CalcuQuote, to discuss what Electronics Manufacturing Services (EMS) companies need to know to prepare for the audit.

Summary of the webinar

Introduction to the Webinar Series

This marks the first of a series of monthly webinars focused on key cybersecurity topics, hosted by Matt Konda, a seasoned expert in building security programs, and the CalcuQuote team. The sessions aim to help organizations navigate complex compliance requirements and provide actionable advice for securing sensitive information.

Understanding CMMC

The Cybersecurity Maturity Model Certification (CMMC) is a framework designed to protect the Department of Defense’s (DoD) supply chain from cyber threats. It outlines various maturity levels that contractors and subcontractors must reach to ensure proper protection of Controlled Unclassified Information (CUI). Audits for compliance are carried out by third-party organizations, and different levels apply depending on the type of information being handled.

CMMC Origins and Levels

CMMC is rooted in existing NIST standards and aims to safeguard vendor supply chains. It introduces different maturity levels—level 3 is typically required for protecting CUI, while higher levels demand more advanced practices. Although not all contractors will be audited immediately, organizations are encouraged to work towards higher levels based on the sensitivity of the data they manage.

Cost Considerations

The U.S. government allows vendors to pass cybersecurity costs on to their customers, sparking necessary conversations about the financial aspects of implementing security measures. Businesses are advised to assess their cybersecurity maturity and plan for the costs associated with achieving higher levels of compliance.

Preparing for CMMC

Organizations should conduct self-assessments, focusing on key control areas outlined by CMMC and NIST. The goal is to close any security gaps and improve over time. While it may be daunting, starting with a simple approach, such as tracking progress on a spreadsheet, can be an effective way to begin the journey.

Conclusion

Achieving compliance with CMMC is not an overnight process but a steady progression through different levels of security maturity. Organizations need to be proactive in understanding their cybersecurity risks, ensuring that they protect sensitive information at all stages. With the right strategy, resources, and continuous improvement, reaching even the highest levels of CMMC compliance is attainable.
