Wiring Harness News Jul-Aug 2022 - Page 36


Recent Changes to DoD’s CMMC Cybersecurity Framework

CMMC Version 2.0

In the January/February issue of last year, WHN introduced readers to the DoD’s new cybersecurity protocol that it will require of all prime and subcontractors. In the article, we interviewed Nicholas McBride, Cybersecurity Consultant at Ecuron, who took us through the steps for compliance. Nicholas recently contacted us to provide important updates for the CMMC Protocols.

There is a link to our original report at the end of this article for full review. Basically, the Office of the Under Secretary of Defense for Acquisition and Sustainment, in conjunction with DoD stakeholders, has developed the new CMMC Certification as a means to protect sensitive information from a range of cyber threats. The intent is to combat the loss of intellectual property and certain unclassified information from the DoD supply chain.

FIGURE 1. CMMC Security Levels for Version 2.0

This past November, the DoD put out a rule saying they were changing the CMMC program. It has taken a few months for the changes to obtain a level of clarity, and Nicholas outlined the major changes for us. The previous version was version 1.2, and the new version is 2.0. “The two big takeaways were that they got rid of all of the requirements that went above and beyond the NIST SP 800-171 controls. So that means there were an additional 20 controls for CMMC at Level III. They removed those and it is now just the same 110 controls from the NIST standard,” Nicholas detailed. He also mentioned they got rid of the additional maturity requirements but warned that even though they are not explicitly mentioned, they are implicitly required.
The next big difference is the streamlining of the security levels. The old CMMC model had five levels, with most people aiming for Level I or Level III (Level II having been an intermediary step, and not really a compliance level). The new version only has three levels (fig. 1). Level I has not changed. The new Level II is the same as the old Level III (eliminating the intermediary step), and the new Level III is the same as the old Level V (eliminating the old Level IV intermediary step). It is still expected that most companies will
Continued on page 38