Italian, European, NATO and USA companies must protect their know-how and prevent information exfiltration by foreign or malicious actors. Strict rules have been laid down in recent years, while today's growing risks extend to the whole range of unclassified information, which includes many trade secrets that foreign countries and astute competitors want to obtain.
Cybersecurity has become a key element of so-called “asymmetric cyberwarfare”, and the USA has developed a certification model for all its suppliers: CMMC (Cybersecurity Maturity Model Certification). From now until 2025, any DoD RFQ must ensure specific levels of CMMC certification. All DoD suppliers and sub-suppliers, including foreign ones, must meet this requirement.
Cybersecurity has become a key element of the new DFARS rules (Defense Federal Acquisition Regulation Supplement), in force since 1 December 2020. DoD suppliers are required to implement, monitor and ensure compliance with NIST SP 800-171, and with CMMC afterwards.
Gerico Security guides companies through the NIST SP 800-171 compliance process and through Self Assessments for the DoD, and supports those that need to be CMMC compliant in preparing for Level 1 or Level 3 certification audits.
The new rules that complete the DFARS clause 252.204-7012 are:
DFAR Cybersecurity requirements timeline
You can call us at +393496847531 to get to know us better