What is CMMC and why does it matter?

Cybersecurity Maturity Model Certification (CMMC) is a program established by the US Department of Defense (DoD) to secure and protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) by requiring the certification of external contractors across 17 different domains.

Starting November 30th, 2020, the DoD began incorporating CMMC requirements into select RFPs, RFIs, and research contracts. By October 1, 2025, all DoD contract awards will require at least some level of CMMC. While the DoD was the catalyst for CMMC, it is now gaining traction across the Defense Industrial Base (DIB) including the Department of Homeland Security and other federal government departments and agencies across the US, especially since the SolarWinds attack.

With the breadth and depth of the Entrust portfolio, we are uniquely positioned to help make this effort a lot more manageable with solutions that address several of the 17 domains outlined, including compliance with the CMMC Identity and Authentication (IA) domain.

Multi-factor authentication becomes a must-have

The traditional username – password combination continues to be the weakest security link in many workplaces including government departments. According to the Verizon Data Breach report, compromised credentials are the root cause of 80% of all data breaches. Multi-factor authentication (MFA) is a must to protect workforce identities with NIST 800-52/63/171 outlining requirements for strong user and device authentication.

The majority of the defense industry will likely require Level 3 certification for the IA domain, where MFA is a must-have. Requirements for Level 4 and 5 certification are still being defined. So, if you haven’t already adopted MFA for your workforce, you will need a solution that can be deployed quickly and effectively. With cloud-based Entrust Identity as a Service, you can be up and running in next to no time with out-of-the-box integrations and support for an unrivalled number of authenticators and use cases. See how Entrust Identity enables full compliance with the CMMC IA domain in the image below.

CMMC Table