For years, Rochester-based Dox Electronics has been assisting companies contracted with the U.S. Department of Defense (DoD) with regulatory compliance including the National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-171 and the Defense Federal Acquisition Regulation Supplement (DFARS). Now the DoD has created a new regulation for contractors and subcontractors known as Cybersecurity Maturity Model Certification (CMMC). This new requirement, which is expected to be implemented in DoD contracts by June, is meant to address the increase in cybersecurity threats. To prepare businesses for the requirements of CMMC, Dox is now offering pre-audits to prepare for CMMC compliance.
Several drafts of the CMMC were released for public review before the government issued the final version of CMMC v1.0 on Jan. 31. Much of what has been included in the CMMC requirements come from previous regulations including NIST SP 800-171 and DFARS. With years of experience in assisting defense contractors in achieving compliance with these regulations, Dox is an exceptional resource for businesses when it comes to CMMC preparation.
Larry Cohen, Vice President of Sales for Dox Electronics, said, “It’s like taking the pre-SATs before taking the SATs. If you don’t have a baseline of where you’re at today, you won’t know what you need to be compliant tomorrow.”
In the past, businesses have been able to utilize a self-assessment and attestation process for compliance with federal regulations. The CMMC requires certain cybersecurity policies, procedures, and controls are implemented prior to the award of a DoD contract as certified by an accredited, independent, third-party CMMC assessor. The DoD is currently preparing to provide auditor training and certification this spring for third-party vendors such as Dox. In the interim, Dox is offering pre-audits using the standards behind NIST SP 800-171, DFARS, and CMMC v1.0.
“If you don’t do a gap analysis now through a pre-audit, you won’t know what to fix,” said Cohen. “There are at least 130 controls within (Level 3) CMMC. If businesses wait, it could take months or even a year to achieve compliance if they don’t pre-audit now.”
Steve Davis, President of Tapecon, has conducted a CMMC pre-audit with Dox. He said he feels better prepared to achieve CMMC certification with the DoD when the time comes as a result.
“The assessment was extremely thorough and has given us a proactive roadmap to improve our cybersecurity and compliance goals,” Davis said.
To learn more about CMMC pre-audit by the experts at Dox Electronics, contact Dox at (585) 473-7766 today.