Issue link: https://iconnect007.uberflip.com/i/1496178
APRIL 2023 I SMT007 MAGAZINE 43

Easy-to-use, cost-effective tools also exist that do everything from explaining the CMMC practices in plain English and guiding the self-assessment process and progress to creating the policies, plans, and other documentation necessary for accreditation. Look to managed service providers (MSPs) and managed security service providers (MSSPs) as partners with proven capabilities who can efficiently offload much of the compliance burden by reducing the assessment footprint and thus the overall time and cost to CMMC accreditation.

How can a business reduce its burden?

Hernandez: There are several steps a business can take. One important step is to conduct a thorough self-assessment to identify any gaps in its cybersecurity measures, develop a plan to address them, and prioritize its efforts and resources effectively. Another important step is to work with experienced cybersecurity professionals who can provide guidance on the CMMC requirements and help the business develop and implement a compliance plan. This otherwise might be difficult for SMBs with limited IT staff.

MSSPs possess the knowledge, tools, and credentials to assist with CMMC compliance. They can provide cost-effective solutions and services by leveraging their existing technical controls and expertise. By outsourcing the self-assessment and preparation to an MSSP, businesses can access the experienced resources needed to achieve compliance without having to invest in building their own cybersecurity programs with dedicated cybersecurity staff. The MSSP will pre-assess the level of compliance, identify the gaps, and help implement the required controls in preparation for the actual assessment.

It's important to remember that CMMC compliance is not a one-time thing but rather continuous maintenance of the certified status, which can be delegated to the MSSP. Businesses need to continually monitor their cybersecurity posture, conduct regular security assessments, and update their security controls to ensure ongoing compliance with the CMMC framework.

Allen Anderson represents local, national, and international businesses, as well as public and governmental entities, on a variety of legal matters, ranging from drafting and negotiation of both commercial and government contracts; to formation of entity-wide compliance programs in response to an ever-changing political landscape; to disputes arising in both state and federal courts and before various arbitration or governmental panels. Allen is part of F&B Law Firm, P.C., a global practice, providing focused and timely legal advice on issues affecting a spectrum of industries including electronics manufacturing service providers.

Joaquin Hernandez is an electronics and telecommunications engineer with over 15 years of experience helping small- and mid-sized businesses as an information security professional. Currently a cybersecurity and CMMC consultant, Joaquin is the founder and president of Empowered IT Solutions, a security service provider serving companies in the United States and México, offering innovative IT technologies and cutting-edge cybersecurity solutions to implement, maintain, and comply with mandated CMMC and NIST requirements.

Vijay Takanti is SVP of Innovation and Informatics at Exostar, a provider of secure, cloud-based, compliant B2B collaboration capabilities and communities for highly regulated industries worldwide. He is responsible for the strategy and product roadmap, design, development, and customer delivery of The Exostar Platform. Takanti has more than 35 years of experience in electronic data processing, application design and development, and information security solutions for government and commercial customers globally. He facilitates the development of industry best practices and standards by bringing together CISOs and CSCOs from leading companies to focus on improving supply chain cybersecurity and risk management.