Kiteworks CISO Discusses Securing Content Communications for CMMC 2.0
Frank Balonis, CISO and SVP of Operations at Kiteworks, discusses how U.S. Department of Defense (DoD) suppliers secure their content communications for Cybersecurity Maturity Model Certification (CMMC 2.0). CMMC 2.0 provides the DoD with the means to protect private data from malicious attacks on its supply chain. CMMC 2.0 maps National Institute of Standards & Technology (NIST) 800-171 requirements to each of its Level 2 practices and will employ NIST 800-172 for its Level 3 practices (once they are released).
CMMC 2.0 is an update to the Cybersecurity Maturity Model Certification (CMMC) that was initially released in January 2021. The new version includes updates to the protection of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).
DoD contractors must demonstrate compliance with CMMC 2.0 through self-assessments as well as utilization of CMMC Third Party Assessment Organizations (C3PAOs). A phased implementation of CMMC 2.0 is expected to begin in May 2023 with final completion in November 2025, and DoD contractors and subcontractors must be working on their certification now.
Because Kiteworks is FedRAMP Authorized, it complies with or partially complies with a higher number of CMMC 2.0 Level 2 practice areas than those competitive options. Therefore, DoD contractors and subcontractors using the Kiteworks Private Content Network receive support for nearly 90% of CMMC 2.0 practice areas.