CV_JanFeb_24

all 110 controls of the CMMC framework – and any score less than 110 is a failure. Businesses that earn sub-110 scores are required to submit a Plan of Action and Milestones (POA&M) – a binding commitment to achieve full CMMC compliance – which delineates specific security enhancements and timetables for their implementation. Businesses may also be selected for examination by an independent and accredited CMMC Third-Party Assessment Organization (C3PAO). While the chances of undergoing this intensive vetting process are low, businesses must thoroughly prepare themselves or have an expert MSP at their side to ensure their preparation.

Why to become a CMMC MSP

Businesses pursuing CMMC compliance have two roads forward: invest years of effort learning the ropes of CMMC’s 110 controls, or massively accelerate that timetable and eliminate most of the expenses and friction of that process by partnering with an MSP that knows the ropes and can deliver the security processes to keep things moving forward.

There are major dividends at the end of each road; earning CMMC compliance will open the door to valuable new contracts. MSPs that position themselves to fast-track that success can easily earn themselves a robust new clientele as well. To do so, MSPs should build out service programs that feature holistic strategies for supporting CMMC compliance, complete with cybersecurity technologies that meet the precise data protection, access control, risk assessment and further specific technical requirements of clients pursuing CMMC.

The benefits of achieving CMMC compliance also extend past the immediate advantages of earning DoD contract clients. CMMC directly mirrors NIST 800-171 controls. With NIST quickly rising as the de facto standard for effective cybersecurity recognized in every industry, a business with CMMC compliance credentials can rightfully tout its cybersecurity capabilities to potential clients.
MSPs should make those universal benefits plainly understood and provide a security technology stack that makes it clear and simple to demonstrate compliance to clients. For example, our own stack features encryption and access control solution BeachheadSecure because it alone fulfills 76 percent of the NIST cybersecurity framework’s requirements, paired with additional tooling to achieve 100 percent CMMC/NIST-compliant protections. We also use CyberQP as an MSP-specific security tool, among others, to help us further align to NIST. When a business compares competing security MSPs, being the potential partner that checks all the boxes and offers the most assured protections will win you that client just about every time.

The details of CMMC compliance are largely a mystery to businesses just beginning to learn the space. There are vendors out there that prey on such businesses, making unsupported claims about products that don’t actually help with meeting CMMC controls. MSPs that come across deceived businesses have an immediate opening to display their expertise by explaining the realities of CMMC and win trust and new clients by setting them on a more secure – and more profitable – path forward.

Aaron Wyant is the president of Dispatch Tech, a technology solution provider based in San Diego. He is also the co-author of the Amazon bestseller “On Thin Ice,” which looks at modern cybersecurity strategies.

CYBER PATROL

Figure: Comparison between CMMC Models 1.0 and the planned CMMC Model 2.0. The CMMC Model 2.0 is notional until rulemaking is completed. Source: U.S. Department of Defense CIO.

22 CHANNELVISION | JANUARY - FEBRUARY 2024
