Be the Shop Defense Contractors Can Trust What every job shop needs to know about getting ready for CMMC.
2Pages

Be the Shop Defense Contractors Can Trust What every job shop needs to know about getting ready for CMMC. Paperless Parts A Secure Solution for Your Shop • Hosted on Amazon GovCloud (the same servers used by the DoD) • ITAR-registered • All data encrypted in-transit using TLS v1.2 with modern ciphers • Uploaded files are encrypted at rest with AES-256 encryption • 100% US-based system administrators and support team • System Security Plan based on the FedRAMP Moderate baseline (NIST 800-53) • Network and servers approved for CUI • Your files are never sold or shared with third parties • All data is securely backed up nightly • Always retain ownership on all data you upload • Identity Provider support for Single Sign-On • Intelligent user permissions for viewing, sharing, modifying, and downloading sensitive information • Control of sensitive information with CUI flags • Audit reports of who has viewed or interacted with sensitive information Over the next five years, every business in the defense manufacturing supply chain—an estimated 300,000 companies—will need to obtain third-party certification in cybersecurity. The level of required security will depend on what kind of data is handled by each company. Are you prepared? The Cybersecurity Maturity Model Certification (CMMC) CMMC is a U.S. Department of Defense (DoD) program that applies to Defense Industrial Base (DIB) contractors. It is a unifying standard and new certification model to ensure that DoD contractors properly protect sensitive information. CMMC builds largely on the DFARS (Defense Federal Acquisition Regulation Supplement) and incorporates much of the preexisting NIST (National Institute for Standard and Technology) 800-171 cybersecurity requirements. However, CMMC is different from previous cybersecurity standards in that selfreporting compliance is no longer enough. Rather, certification by third-party auditors will be a precondition for quoting work This is a major game changer for job shops. What You Need to Know Now The final ruling for CMMC is expected Certification to be issued in early 2024, but CMMC by third-party requirements are already being incorauditors will be porated into RFQs – which means if you a precondition don’t already have a plan in place, now for quoting is the time to start getting prepared. work. CMMC requirements will be introduced gradually to more contracts over time, and but if you wait until required by a contract to think about cybersecurity compliance, it will be too late. It’s estimated that CMMC certification can take 1-2 years from start to finish. It takes a typical shop many months to assess their processes and remediate security gaps. (Think of it as roughly similar to the process of getting ISO 9001/ AS9100 certified). And third-party certification takes additional time. Shops that are ahead of the game have an opportunity to differentiate themselves with buyers. © Paperless Parts 2023. Due to continuous improvements and innovations, speci

What every job shop needs to know about getting ready for CMMC. Seven Steps to Get Ready for CMMC 1. Identify Which CMMC Tier Is Right for Your Shop There are three tiers of CMMC Certification. Level 1 is considered foundational. Level 2 is considered “Advanced.” Any shop working with CUI will need this level of compliance, which requires the implementation of the 110 best security practices aligned with NIST SP 800171. Level 3, or “Expert,” is the highest level of certification and requires an organization to follow a set of 110+practices based on NIST SP 800-172. 2. Identify the Right...