Note: North Star CMM repurposes the Cybersecurity Maturity Model Certification (CMMC) developed by the Department of Defense, for broader use of all businesses while maintaining the integrity of the model.
By focusing on the model we more accurately reflect what we are doing. This is why the last C is dropped off as Certification is a separate business decision from cyber and data protection. An important decision, but separate.
The CMM is a collection of standards and practices to protect the confidential information of clients and the business. Utilizing it makes it easier for you to communicate your needs to product and service providers as well as share and learn effective practices with others. The CMMC was created by the DoD to support the defense industrial base, including supply chain members. It has great value for all businesses.
America’s SBDC has adopted the CMM as the North Star to guide small businesses on the journey of cybersecurity and data breach protection activities.
Basic cyber and data protection revolves around the simple concept of CIA (Confidentiality, Integrity, availability). Confidential information needs to be protected. The information needs to have Integrity. If someone breaks in and alters the data it can be a big problem, we can’t count on it. Information needs to be Available for use. Ransomware and other cyber-attacks prevent us from using our information. See Secure Towns Here
If you are a federal contractor need to consider the responsibility of Federal contract information (FCI)—information you or your company got doing work for the Federal government that is not shared publicly)
Please contact us about sponsorship at cmmc at AmericasSBDC dot org