ROCHESTER'S FIRST: DOX DESIGNATED AS A REGISTERED PROVIDER ORGANIZATION FOR CYBERSECURITY MATURITY MODEL CERTIFICATION
Cybersecurity is more connected to Main Street than ever. Private industries and companies, even some of the smallest, need data connectivity that’s safe and secure to keep their bottom line as healthy as possible. Which is not so easy lately. They rely on something many of us might not have thought about 10 months ago—supply chains.
Dox knows how variables, like morphing COVID issues and massive computer hacks at the highest levels, can create havoc with companies that need unfettered access to raw materials and other finite resources. These things need to flow seamlessly to function well in any year. So if you suddenly find yourself dealing with ransomware when you need to do order fulfillment, it could be game over. For a city like Rochester, and countless others like it, businesses that are inching ever closer to the edge of extinction need all the help they can get to keep products moving out the door.
“I think now [supply chain risk] is a topic that has transitioned from esoteric to exoteric as it's more accessible to the public. COVID has made supply chain a dinner table conversation topic, so it's a combination of organizations learning more about third party risk and operational risk, and realizing the consequences of not attending to that risk could be devastating.”
Assistant Director, Supply Chain and Cyber Directorate, National Counterintelligence and Security Center, Office of National Intelligence
As Rochester’s first Cybersecurity Maturity Model Certification (CMMC) Registered Provider Organization (RPO), Dox Electronics, Inc. is uniquely positioned to serve Department of Defense supply chain contractors as an advisor or as a Managed Service Provider. Yet it’s also just as capable, maybe more so, of helping local manufacturers keep their systems up and running, especially if they’re doing some work downstream from a local primary defense contractor.
What’s CMMC All About?
It depends on who you ask, but for the governing bodies in charge of certification it means complying with very specific Federal cybersecurity requirements. Assessing whether a company is on track or not demands a specially trained eye to spot (sometimes literally) holes in infrastructure and systems used for protecting Controlled Unclassified Information (CUI). An oxymoron if there ever was one.
Dox shows suppliers the gaps in how they safeguard the information they work with that meets Federal CUI criteria—often having to point out that it's CUI in the first place. For those doing business with the Government, it is an absolute necessity to maintain the nearly 200 controls CMMC imposes over this information. Many experts are hard put to explain the rules because they’re far from being finalized. Nevertheless, the government is moving forward with hard deadlines to be ready for assessment. The pressure has led to widespread inaction over the confusion, which has triggered much consternation.
Clarification is desperately needed. Dox goes onsite to scrutinize absolutely every possible vulnerability, whether physical or digital, to help impacted contractors and sub-contractors prepare before time runs out. Even food vendors and janitors need to be properly vetted and follow the appropriate requirements in case they're around CUI.
And Dox Helps How?
As the first in Rochester to achieve the RPO designation, Dox delivers a non-certified, yet authoritative advisory service informed by training on the CMMC Accreditation Body’s standard. To perform these intense multi-day inspections, Dox has traveled cross-country (with all the safety protocols possible) more or less constantly as new rules and news emerge. When crossing borders isn’t a public-health hurdle, they’ll even head to Canada.
Wherever the companies reside, each receives a detailed assessment of where the organization stands in the form of a massive book documenting every issue. Whether leadership puts the advice into practice is up to them. These days no one can really afford to take a chance on their cybersecurity, or take the risk of losing their contracts.