Stemming from recent attacks, the May 12 Executive Order on Improving the Nation’s Cybersecurity takes a multi-pronged approach to mitigation. With modern threats, any gap in detecting, reporting, employing timely protections, and ultimately defending against an attack can cause a cascading effect of failure. In other words: Attackers only need to be right once. Cybersecurity professionals need to be right all the time.
CMMC, as it’s rolled out over the course of five years, is meant to reduce, if not eliminate, vulnerabilities and address a critical national security challenge. The defense industrial base (DIB) includes more than 300,000 companies, which have previously been subject to a glaring lack of oversight. These companies access and store sensitive defense information on their own systems. CMMC represents an important step toward protecting this information.
A key component of improved federal cybersecurity is visibility, which is being addressed through the Cybersecurity and Infrastructure Security Agency's Continuous Diagnostics and Mitigation (CDM) program. Last year, Congress upped CDM funding, setting aside a total of $213.5 million for the program. As these funds are funneled into technology investments, agencies generally recognize that no single vendor is able to solve the entire CDM puzzle.