NIST 800-171 & CMMC: Two Key Questions To Assess Your Risk
You may have heard about the Boeing attack recently – but large, prime contractors to the DoD are not the only ones being targeted.
All defense contractors, large, medium and small, are high-value targets for cyber attackers, especially those that handle controlled unclassified information (CUI). Why? Because CUI is of tremendous value, and you could be the weakest link in the chain and serve as the attackers' initial point of entry.
Do you know what happened with the APT40 cyberattack?
APT40, a cyber gang sponsored by the government of China, used a variety of tactics and techniques and a large library of custom and open-source malware to compromise defense contractors handling CUI and exfiltrate high-value data with national security impact.
In a recent blockbuster case, the FBI indicted three individuals from APT40 for breaking into defense contractors that handle CUI.
This case goes to show that this can happen to any defense contractor. Here’s what the FBI’s Nick Arico said in a CyberCatch podcast:
Complying with NIST 800-171 is not only the law of the land but also provides proper security and cyber risk mitigation. If your company handles CUI, you must complete a compliance assessment and implement 110 cybersecurity controls under NIST today and, soon, CMMC. These controls will prevent, detect and respond to threats so you will not become the next victim.
Recently, Aerojet Rocketdyne agreed to pay $9 million to resolve allegations that it violated the False Claims Act by misrepresenting its compliance with cybersecurity requirements in certain federal government contracts.
But complying with NIST 800-171 is not that easy – it is fraught with pitfalls, and each of the controls has a 5, 3, or 1 point value. For each control that is not implemented, you lose points.
Watch CyberCatch’s NIST 800-171 & CMMC webinar to learn the common pitfalls and how to avoid non-compliance.
Do you know the answers to the following two key questions? If not, you are at risk.
- Do you know which of the 110 controls in NIST 800-171, if not implemented or updated periodically, will automatically result in a zero score?
- Do you know what your 110 score would be if you don’t test your controls periodically, and how you would be out of compliance with NIST 800-171?
This is why you must approach NIST very seriously – it’s the law of the land for a reason. This is why you need CyberCatch as your trusted partner for compliance.
CyberCatch is the optimal solution for defense contractors to attain compliance quickly, without breaking the bank. CyberCatch’s expert team and AI-Enabled Cybersecurity Solution enable compliance and cyber risk mitigation in 2 weeks or less.
Here’s an endorsement from Dr. Marv Langston:
CyberCatch serves a variety of customers, many of them defense contractors throughout the U.S. who are raving about the value we are delivering. You must watch this 3-minute video from one of our valued customers – then you will understand our secret to success: