Gold Comet™ Solutions: CMMC 2.0 CUI Support

Gold Comet™ has joined in partnership with Carahsoft and Cyturus Technologies to provide our multi-patented enterprise storage solution for the Cybersecurity Maturity Model Certification (CMMC) Controlled Unclassified Information (CUI) accreditation process, a pending requirement for all participants in the federal supply chain.

VIDEO OVERVIEW: Brief history and purpose of CMMC and Gold Comet's partnership with Carahsoft and Cyturus to support the CMMC accreditation process.

Carahsoft, trusted Government IT solutions provider: Cybersecurity, MultiCloud, DevSecOps, Big Data, Artificial Intelligence, Open Source, Customer Experience

Cyturus Technologies, providing CMMC accreditation support services: Cyber Risk Analysis and Management, C3PAO CMMC Certification Assessment

GOLD COMET™ meets Data Storage Requirements for CMMC Compliant Systems

In CMMC compliant systems, data must be stored securely to protect sensitive information from unauthorized access or disclosure. This includes implementing encryption mechanisms to safeguard data at rest and in transit, restricting access to authorized personnel through role-based access controls (RBAC), and implementing logging and monitoring capabilities to detect and respond to security incidents.

Organizations must adhere to the specific requirements outlined in the CMMC framework regarding data storage and protection. This may include encrypting sensitive data, implementing access controls, conducting regular security assessments, and maintaining audit trails to track access and changes to data.

Overall, data storage in CMMC compliant systems must align with the cybersecurity controls and practices outlined in the CMMC framework to ensure the confidentiality, integrity, and availability of sensitive information within the defense supply chain. Gold Comet continually seeks to exceed security requirements and assist our customers in establishing a robust DSPM system.

CMMC BACKGROUND INFORMATION

WHAT IS CMMC 2.0?

CMMC HISTORY AND PURPOSE

The Cybersecurity Maturity Model Certification (CMMC) emerged as a response to the growing threat landscape facing the United States' Defense Industrial Base (DIB). Originating from concerns about the protection of sensitive information and intellectual property within the DIB, the U.S. Department of Defense (DoD) took action to enhance cybersecurity practices among its contractors and suppliers.

 

Formally introduced in 2019, the CMMC was designed to address deficiencies in the existing self-assessment model used by defense contractors. This model proved inadequate in ensuring consistent and sufficient cybersecurity measures across the supply chain. The CMMC aimed to establish a standardized framework that would require mandatory certification for all defense contractors and suppliers.

 

The CMMC was developed collaboratively by the DoD, defense industry stakeholders, and cybersecurity experts. It draws upon existing cybersecurity standards and frameworks, such as NIST SP 800-171, but introduces additional requirements tailored to the unique needs of the defense sector. The model underwent rigorous testing and refinement to ensure its effectiveness in enhancing the cybersecurity posture of organizations within the DIB.

 

CMMC 2.0 represents an evolution and refinement of the original Cybersecurity Maturity Model Certification framework. Building upon the foundation established by CMMC 1.0, CMMC 2.0 introduces enhancements and updates to address emerging cybersecurity threats and evolving best practices. The updated framework aims to provide a more comprehensive and flexible approach to cybersecurity maturity assessment and certification.

 

The primary purpose of CMMC 2.0 remains consistent with its predecessor: to enhance the cybersecurity capabilities of defense contractors and suppliers within the DIB. By establishing standardized requirements and levels of certification, CMMC 2.0 aims to ensure that organizations possess the necessary cybersecurity controls and practices to safeguard sensitive information and maintain the integrity of the defense supply chain.

CMMC COMPLIANCE LEVELS

[Figure: Gold Comet's diagram depicting the three levels of CMMC compliance for CMMC 2.0]

CMMC Level 1 - Foundational


At this level, organizations are required to implement basic cybersecurity practices to safeguard Federal Contract Information (FCI). This may include practices such as access control, incident response, and security awareness training.

 

CMMC Level 2 - Advanced


Level 2 builds upon the foundational practices of Level 1 and introduces additional security controls to protect Controlled Unclassified Information (CUI). Organizations at this level must demonstrate a more comprehensive cybersecurity posture, including enhanced access controls, encryption, and vulnerability management.

 

CMMC Level 3 - Expert


Level 3 represents the highest level of cybersecurity maturity within the CMMC framework. Organizations at this level must implement advanced security controls to protect CUI and demonstrate a robust cybersecurity program. This may include capabilities such as continuous monitoring, threat intelligence sharing, and advanced incident response capabilities.

CMMC CERTIFICATION PROCESS

Assessment

Organizations must undergo a comprehensive assessment of their cybersecurity practices and controls to determine their level of maturity against the CMMC requirements.

Documentation

Organizations must document their cybersecurity practices, policies, and procedures to demonstrate compliance with the CMMC framework.

Implementation

Organizations must implement the necessary security controls and practices identified in the CMMC framework to achieve the desired level of maturity.

Certification

Once the assessment is complete and the organization's cybersecurity practices are deemed compliant with the CMMC requirements, the organization can seek certification from accredited third-party assessment organizations (C3PAOs).
