
What is NIST Compliance?

The National Institute of Standards and Technology is a non-regulatory government agency that develops technology, metrics, and standards to drive innovation and economic competitiveness at U.S.-based organizations in the science and technology industry. As part of this effort, NIST produces standards and guidelines to help federal agencies meet the requirements of the Federal Information Security Management Act (FISMA). NIST also assists those agencies in protecting their information and information systems through cost-effective programs.

Contact us now to learn more about our NIST compliance services.

What exactly is CMMC?

The Department of Defense (DoD) chose to implement the Cybersecurity Maturity Model Certification (CMMC) as its response to the need to protect significant sensitive defense information and negate potential vulnerabilities within contractors' information systems. This initiative will help enhance the protection of Federal Contract Information (FCI), Controlled Unclassified Information (CUI), and Covered Defense Information (CDI) for more than 300,000 companies in the supply chain.

Compliance with NIST SP 800-171 is required for government contractors, consultants, service providers, and others that process, store, or transmit Controlled Unclassified Information (CUI) for state or federal agencies.

Does NIST Compliance apply to my organization?

If you’re already doing business with the government, you are responsible for certifying, monitoring, and implementing security for your IT systems and for any CUI transmitted or stored in them. Critical cybersecurity practices will be ongoing. In fact, a non-compliant company may lose the ability to bid or re-compete on government contracts.

And the benefits go beyond compliance—this is a model for improved record keeping, data handling, and securing your organization and its intellectual property.