Cybersecurity Maturity Model Certification (CMMC): The Next of Chapter of Federal IT Security Compliance

In today’s data-driven world, security is an important aspect of data collection and storage. Just take a look at recent headlines and you’ll see that bad actors are constantly trying to breach internet security. It can be costly, time-consuming, and extremely inconvenient to deal with a data breach or hacking attack. But when that data is critical to the security and safety of the United States, a cybersecurity attack can be more than inconvenient. It can be dangerous or even deadly.

That’s why the Federal government has often been a key driver of IT security standards. As a huge consumer of private-sector IT infrastructure and services, the Federal government has a special responsibility to ensure its service providers meet the most stringent security and compliance certifications.

One of the most demanding of those standards is the Federal Risk and Authorization Management Program (FedRAMP). FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

DataBank has a strong pedigree in deploying secure and compliant solutions for mission-critical business systems governed by Federal security requirements, including FedRAMP. As the holder of an “Authorization to Operate” (ATO) for our cloud platforms, DataBank has undergone a 3PAO audit and validation process utilizing the latest NIST 800-53 security framework for its cloud and NIST-compliant security offerings. DataBank’s team of experts supports the full cycle of hosting and cloud infrastructure including design, deployment, testing, validation, and defense-in-depth protection.

However, a new certification will soon be available to service providers that seek to work with the U.S. Department of Defense (DoD). The Cybersecurity Maturity Model Certification (CMMC) will review and combine various cybersecurity standards and best practices under one security framework for the entire DoD. Although the DoD is going with the CMMC as their standard, they are not throwing out the FedRAMP model and will view certain levels of FedRAMP as compliant with the CMMC. These standards will be mapped across levels that range from basic cyber hygiene to advanced. For a given CMMC level, the associated controls and processes, when implemented, will reduce risk against a specific set of cyber threats.

Although CMMC is not formally released and ready for consumer use, DataBank is already CMMC qualified by virtue of our FedRAMP authorization. The leaders of CMMC have stated that FedRAMP authorizations will be accepted as reciprocity. By hosting your cloud application at DataBank under our existing FedRAMP authorization, and having your agency sponsor issue an ATO, your SaaS product can also be ready and qualified for CMMC when it is released.

Just another example of how DataBank stays ahead of the curve when it comes to security and compliance! To learn more about DataBank’s suite of security offerings, click here. To learn more about DataBank’s compliance ecosystem, click here.