On November 10, 2021, EAB's IT Forum hosted a Q&A panel with three senior IT leaders who have experience navigating Cybersecurity Maturity Model Certification (CMMC) at their institutions: Helen Patton, Advisory CISO at Cisco and former CISO at The Ohio State University; Donna Kidwell, CISO at Arizona State University; and Masood Sidiqyar, Senior Director of Information Security at Vanderbilt University.
Read on for some of the roundtable takeaways, or scroll to the next steps.
What is CMMC?

CMMC is a forthcoming cybersecurity requirement that will apply to all higher education and research institutions doing business with the Department of Defense (DoD). CMMC certifies the level of an organization's ability to protect federal contract information (FCI) and controlled unclassified information (CUI). Arguably the most significant standard in InfoSec's history, CMMC is coming to higher ed in no uncertain terms.
Not only does CMMC bring pivotal changes in requirements for DoD grants, but it also introduces an assessment program that dwarfs all others. Early indications also suggest CMMC will not be limited to DoD grants; it may become a standard requirement for a whole host of federal grants as government agencies look to harmonize their cybersecurity approaches.
Review the Key Takeaways

1. Higher ed institutions should not bet on lax enforcement of CMMC 2.0 despite reduced stringency compared to CMMC 1.0.

Unlike CMMC 1.0, which required third-party assessment for all maturity levels, all CMMC 2.0 level one and a proportion of level…