Clearing the Clouds: Comparing CMMC to other Frameworks
Jim Masella, Director, FedRAMP & Assurance Services, Coalfire
These days, I spend a lot of time talking to our cloud-based clients about Cybersecurity Maturity Model Certification (CMMC): what it is, why it’s important, and how they can prepare. Coalfire is one of the leading cybersecurity consulting firms and third-party assessment organizations (3PAO), and its clients range from small businesses to the largest technology companies in the world, many of whom are offering essential services to the Department of Defense (DoD). Our firm conducts compliance assessments across multiple frameworks, such as SOC, ISO, HIPAA, HITRUST, PCI, FedRAMP, NIST 800-53, NIST 800-171, DFARS, DoD SRG, and many others. Many of our customers are cloud services providers (CSPs) that undergo multiple audits every year to maintain their security posture and the compliance certifications required to offer services in their various markets. To them, the DoD’s new CMMC may just seem like another framework.