Providing A "Safe Harbor" For The DIB To Successfully Implement DFARS & CMMC Requirements
CMMC Industry Standards Council
Providing A "Safe Harbor" For The DIB To Successfully Implement DFARS & CMMC Requirements
CMMC Industry Standards Council
WHO WE ARE
The CISC
The CMMC Industry Standards Council (CISC) is a 501-C6 organization, a consortium of highly qualified CMMC industry leaders and collaborating businesses dedicated to the CMMC mission and protecting the war-fighting capabilities of the United States by protecting Controlled Unclassified Information (CUI).
CISC Founding Members: An Industry Consortium
- CMMC Industry Providers of Enabling Products & Services
- Highly Qualified CMMC Industry Practitioners
- CYBER-AB Registered, Accredited, and Certified Individuals and Organizations
- Small, Mid-Size, and Large Businesses, Disadvantaged Businesses, Independent Entrepreneurs, Non-Governmental Organizations, and Flagship Industry Brands
Enabling & Equipping the CMMC Ecosystem
What Is The CISC Mission?
The mission of the CISC is to provide a ”safe harbor” for the Defense Industrial Base (DIB) through an authoritative & reliable CMMC Industry Reference Standard (CMMC ePU) and other critical enablers for CMMC certification and to meet DFARS requirements. We seek to deliver...
- a "Gold Standard" for Guidance & Best Practices
- Training, Solutions & Evidence
- Reduce Time, Risk, & Cost
- Qualified Providers, Vendors, & Technologies.
In addition, the CISC seeks to ensure:
- The assurance offerings provided by the vendor satisfy the specifications necessary to meet the requirements when they are properly implemented and function as intended.
- Products and services are 'right-sized' and 'cost-effective' for the business model.
- The continuous development, evaluation, implementation, and sustainment of the industry-based reference standard and supporting documentation to meet or exceeds agency regulations, agreements, and requirements for the protection of Controlled Unclassified Information.
Why Build A Safe Harbor?
- Cybersecurity, sensitive data governance, and compliance are highly complex topics that only become more difficult with federal regulations, federal agency policies, and contractual requirements.
- The CMMC ecosystem's immaturity creates risk.
- Complexity and immaturity creates confusion, uncertainty, and risk.
- Conflicting and inconsistent industry guidance creates risk for the significant investments and disruptive changes required.
What is Needed?
- A "Gold Standard" for guidance and documentation developed from an industry consortium of trusted sources.
- Use the guidance to make smart decisions during implementation, investments, and activities needed to meet requirements.
- Continuously improve the guidance and reference documentation to include updated information and changes in the requirements.
- Access to trusted consultants, external service providers, and vendors that work together with a common understanding to provide consistent offerings.
- Use the common reference standard make cost-effective choices on compliant services, vendors, and solutions.
The Defense Manufacturing Ecosystem is Struggling
The DIB Faces A Myriad of Challenges
The CISC exists to develop, coordinate, and sustain industry-based reference standards that help the industry effectively address the obstacles, confusion, and challenges related to DFARS and CMMC compliance.
- Persistent cyber threats & vulnerabilities
- Lack of reliable cyber expertise
- Lack of cyber experience & affordable resources
- Lack of authoritative guidance
- Uncertain technologies & capabilities
- Inconsistent services, tools, & products
- Uncertainty in decisions & investments
Risk & Uncertainty Across the DIB
- What is required?
- Why is it required?
- What does “right” look like?
- How do we meet & sustain requirements?
- How do we document the evidence?
- Which products & services work best?
- How do I reduce & control costs?
Fair Use of CMMC logo. Copyright of US DoD
How Does The CISC Help?
- Standardization - Centralized industry standards & reference architectures aligned to technologies and services from leading providers
- Product Mapping – Educate the DIB on the dynamic link between CMMC requirements and assessment criteria to vendor capabilities and shared responsibilities
- Implementation Guidance - Improved implementation guidance to accelerate adoption, reduce complexity, and reduce support costs
- Cost Management - Reduce cost of implementation, sustainment, and reduce product and technical support
- Scalable – Enable adaptability to right-sized solutions for large, medium, and small businesses through existing and innovative internal and external tools/tech & automation
Our purpose is to:
· Enable more consistent, comparable, and repeatable assessments of security controls and requirements with reproducible results;
· Promote a better understanding of the risks to federal information, organizational operations, assets, and individuals from insecurity and noncompliance;
· Facilitate more cost-effective implementations and assessments of security controls and requirements through the reciprocity of quality standards among CMMC ecosystem products and services, while contributing to the improvement of overall control effectiveness;
· Provide more complete, reliable, and trustworthy information for stakeholders confidence in data, security, and compliance decisions regarding federal laws, federal and agency directives, regulations, and policies.