For those within the defense sector, understanding and implementing CMMC (Cybersecurity Maturity Model Certification) policies is about to become more important than ever. CMMC is an essential part of safeguarding your business’s sensitive data.
In this guide, we’ll review CMMC policies in general, and then dive further into the specific policy CMMC AC.2.011.
CMMC compliance refers to following the standards set by the CMMC framework. This framework was created by the United States Department of Defense (DoD) to protect sensitive federal contract information and controlled unclassified information as well as ensure cybersecurity standards are met.
CMMC policies are designed primarily for organizations and contractors that work within the government and defense sectors. This includes defense contractors and subcontractors, suppliers at any level in the supply chain, companies handling or storing private information, or service providers such as IT services or logistics companies.
To learn more about CMMC 2.0 policies, check out our article: Understanding the CMMC 2.0 Framework.
There are several CMMC compliance levels. To dive in deeper, CMMC AC.2.011 is a specific policy under the 2.0 framework. This policy states that you have to authorize wireless access before allowing users to connect.
Why is this important?
Unfortunately, Wi-Fi connections are an easy target for data breaches and hackers. If a hacker connects to your unprotected Wi-Fi, they’re able to access any device on that network.
Pro Tip! If you want to offer guest Wi-Fi, you still can! However, you’ll want to create a separate Wi-Fi network to keep your guests away from the staff’s network.
Unlike other CMMC policies, there isn’t one blanket way to implement this policy since there are several ways to distribute Wi-Fi. However, we’ve created a step-by-step guide with universal security measures to start complying with CMMC AC.2.011.
Step 1: Find out what devices are currently distributing the Wi-Fi.
This can include firewalls, access points, or Internet Service Provider (ISP) devices.
Step 2: Ensure you have a user acceptance policy in place before distributing the Wi-Fi.
To understand this step, check out our article: How to Comply with CMMC AC.2.005 User Policy Acceptance Rule.
Step 3: Make sure you have a secure Wi-Fi password that only select people know.
An optional step is to enable MAC Address Filtering – which only allows specific devices to connect to the Wi-Fi. (This requires an IT professional to set up!)
Step 4 (Optional): If you’re setting up a guest Wi-Fi or additional network, follow steps 1-3.
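One way to check the result of steps 1 through 4 is to compare a wireless survey against the list of devices you have approved to distribute Wi-Fi. The following is an added example, not code from this guide or from Omnis Technologies; the inventory, the survey rows, the network names and the finding labels are all constructed for illustration.

```python
import csv
import io

# Constructed inventory (Step 1): every device approved to distribute Wi-Fi,
# keyed by the access point's MAC address (BSSID).
AUTHORIZED = {
    "aa:bb:cc:00:00:01": {"ssid": "Corp-Staff", "role": "staff"},
    "aa:bb:cc:00:00:02": {"ssid": "Corp-Guest", "role": "guest"},
}

# Constructed survey rows in the form: ssid,bssid,security
SCAN = """\
Corp-Staff,AA:BB:CC:00:00:01,WPA2
Corp-Guest,aa:bb:cc:00:00:02,OPEN
Corp-Staff,de:ad:be:ef:00:09,WPA2
Printer-Setup,aa:bb:cc:00:00:07,WEP
"""

# Settings that mean no password, or one that is trivially recovered (Step 3).
WEAK = {"OPEN", "WEP", ""}


def audit(scan_text, authorized):
    """Return (bssid, ssid, finding) tuples for networks that need review."""
    findings = []
    known_ssids = {ap["ssid"] for ap in authorized.values()}
    for row in csv.reader(io.StringIO(scan_text)):
        if len(row) != 3:
            continue  # skip blank or malformed rows
        ssid, bssid, security = (field.strip() for field in row)
        bssid, security = bssid.lower(), security.upper()
        entry = authorized.get(bssid)
        if entry is None:
            # A device that is not in the inventory is distributing Wi-Fi.
            kind = ("unknown-device-using-approved-ssid"
                    if ssid in known_ssids else "unapproved-device")
            findings.append((bssid, ssid, kind))
        elif entry["ssid"] != ssid:
            findings.append((bssid, ssid, "ssid-differs-from-inventory"))
        if security in WEAK:
            findings.append((bssid, ssid, "no-or-weak-encryption"))
    return findings


if __name__ == "__main__":
    for finding in audit(SCAN, AUTHORIZED):
        print(finding)
```

Step 4 applies here as well: the guest network in the sample is in the inventory but is still flagged because it has no password.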
With any new regulation, challenges arise during implementation. As CMMC consultants, we’ve noticed 3 common challenges with CMMC policies.
Sometimes, gray areas give flexibility or leniency which can be beneficial. However, when trying to comply with government regulations, gray areas aren’t so helpful.
Unfortunately, there are several gray areas when it comes to CMMC compliance including working with outside vendors.
If your contracts require you to work with outside vendors, it’s your business’s responsibility to ensure that they’re also meeting CMMC compliance requirements. This additional step oftentimes prolongs the time it takes to complete a contract for the DoD.
CMMC policies are new and there isn’t much information out there yet. If you’re getting started with compliance without a CMMC consultant, it’ll be much more difficult to implement the policies.
Like most regulations and guidelines, change is bound to happen. With CMMC being a new topic, there are new updates to policies nearly daily.
If you’re not working with a CMMC consultant, it will be difficult to learn CMMC and stay up-to-date on the latest changes.
CMMC policies will soon be mandated for any business or organization affiliated with the Department of Defense, so complying will be crucial. Since implementation isn’t a quick fix, it’s essential to get started as soon as possible.
Get started today with a CMMC consultant at Omnis Technologies.