CMMC 2.0 is still in a developmental phase, there is a chance your business hasn’t had to meet any of the requirements set by the Department of Defense.
If your niche market is government contract work, you’ve probably heard the terms “FCI” and “CUI.” Both terms only add to the alphabet soup of acronyms.
Chances are, you know what they are. But do you really know what they mean?
The TLDR: FCI data requires a level 1 CMMC, where CUI starts at level 2 CMMC and eventually climbs into level 3. But let’s dig in a little deeper:
When handling government paperwork, the first thing that comes to mind is national security. FCI is non-public information that is required to be handled in accordance with federal regulations. FCI can be data that is collected for the federal government or obtained by the contractor during the active contract work.
The protection of federal contract information is a mutual effort between the government and the contractors. The government is responsible for developing agencies whose job it is to ensure there are proper guidelines in place to keep FCI secure during its entire lifecycle. On the other side, contractors are responsible for implementing the security measures created by the federal agencies to protect all FCI while it’s in their possession.
The guidelines created by federal agencies is what we now know as CMMC 2.0 Framework. The CMMC 2.0 Framework is made up of 3 levels. Depending on what kind of contract work your business is conducting, will determine your level of CMMC compliance.
Further reading: Understanding the CMMC 2.0 Framework.
There are several types of documentation that are considered FCI. Some of the most common are:
FCI information is found in various locations. However, you can find it mostly in databases that are managed by the government. The database in which this information is stored is only accessible by government employees, the contractors and any authorized personnel. Another stipulation to gaining access to this information is having a government issued “need-to-know” basis for completing your contracts.
CUI is what the federal government uses to identify information that is not classified but still requires strict guidelines to ensure its safety. The idea behind classifying information as CUI is to create a safety standard used among all government contracts.
Because CUI covers a broad range of data, it’s found in a variety of different businesses. Some of the more common entities that handle CUI information include:
Regardless of how much CUI information your business generates, you can expect to have to meet CMMC compliance level 2.
|
Explore an in-depth breakdown of CMMC 2.0 level 2 compliance requirements. |
While CMMC 2.0 is still in a developmental phase, there is a chance your business hasn’t had to meet any of the requirements set by the Department of Defense (DoD), yet. If that sounds like you, it’s never too early to consult a CMMC expert to start shaping your business into a CMMC compliance machine! If you’re worried you’re already behind the curve, contact us today, for a free CMMC compliance consultation.
Phishing is the practice of tricking someone to get their sensitive information. The “bait” is often an email created to look like a message from...
Insurance companies in New York want businesses to tighten up their information security by following these 12 guidelines.
Unfortunately, with the rise of remote work, cybercriminals have a heightened interest in remote access-based data breaches. Enter CMMC AC.2.013 –...