Cybersecurity Standards and Regulations

Gain visibility into your cybersecurity stance, including processes, assets and risks. Shift from a mindset of defense to one of mitigation and management. Then use your cybersecurity stance to build business opportunities and grow trust among your stakeholders, meeting the regulatory requirements for U.S. Federal Government and other contracts.

DTS services include:

SOC 2 Type 1 • SOC 2 Type 2 • HITRUST • HITECH • CCPA • NIST 800-171 • NIST 800-53 • CMMC • DFARS • ITAR

NIST vs. CMMC: Understand the difference

You may be familiar with cybersecurity requirements but not know with confidence where your company falls in the process. DTS can help you calculate your “score” and help you determine how and when to report that number.

You may need to report your number to bid or team on DoD contracts, to lower the cost of cybersecurity insurance, and to establish stakeholder relationships around proprietary information.

NIST SP 800-171

  • Requirements that non-Federal computer systems must follow in order to store, process, or transmit Controlled Unclassified Information (CUI) or provide security protection for such systems
  • 110 Controls (Technical, Policy, and Procedure)
  • Self-certify and report score in the Supplier Performance Risk System (SPRS) 

CMMC: Cybersecurity Maturity Model Certification

  • A standard for implementing cybersecurity across the Defense Industrial Base (DIB) and protecting CUI
  • Based on NIST SP 800-171 standards
  • Takes into account your organization’s actual cybersecurity practices and how long and how well you’ve been following them
  • 5 sequential levels of maturity
  • 17 compliance domains, using a combination of technical controls, policy, and procedures
  • Requires validation by a third-party assessor

CMMC Standards Process

CMMC defines five cybersecurity maturity levels, ranging from basic cyber hygiene (ML-1) to advanced cybersecurity practices (ML-5). Each level outlines the capabilities, processes, and practices to reduce the risk of a security threat breaching a company’s cybersecurity defenses.

CMMC Maturity Levels


17 Compliance Domains

  • Access Control
  • Asset Management
  • Audit and Accountability
  • Awareness and Training
  • Configuration Management
  • Identification and Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Personnel Security
  • Physical Protection
  • Recovery
  • Risk Management
  • Security Assessment
  • Situational Awareness
  • System and Communication Protection
  • System and Information Integrity

Insights

“It seems like innovation is happening faster than ever before; that’s because it is. Disruptors are changing the way we think and behave. Those who are the first to embrace it reap the biggest gains.”