Konica Minolta is continuing to stay on top of the latest updates and changes being made to the Cybersecurity Maturity Model Certification (CMMC) program. As of December 26, 2023, the Department of Defense (DoD) has released a proposed rule to establish requirements for a comprehensive and scalable assessment mechanism to ensure defense contractors and subcontractors have, as part of the Cybersecurity Maturity Model Certification (CMMC) Program, implemented required security measures to expand application of existing security requirements for Federal Contract Information (FCI) and add new Controlled Unclassified Information (CUI) security requirements for certain priority programs.
DoD currently requires covered defense contractors and subcontractors to implement the security protections set forth in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800–171 Rev 2 to provide adequate security for sensitive unclassified DoD information that is processed, stored, or transmitted on contractor information systems and to document their implementation status, including any plans of action for any NIST SP 800–171 Rev 2 requirement not yet implemented, in a System Security Plan (SSP). The CMMC Program provides the Department the mechanism needed to verify that a defense contractor or subcontractor has implemented the security requirements at each CMMC Level and is maintaining that status across the contract period of performance, as required.
The new DoD proposed rule for 32 CFR ensures accountability for companies that implement cybersecurity standards while minimizing barriers to compliance with DoD requirements. Significant changes have been made in an effort to streamline the certification process. As a Registered Practitioner Organization (RPO), Konica Minolta has Registered Practitioners (RP), Certified Information System Auditors (CISA), and CMMC Certified Professionals (CCP) ready to support organizations seeking assessment (OSA) and organizations seeking certification (OSC) through the CMMC process.
Help you identify the flow of FCI/CUI and create the system boundary diagram with asset scoping.
Perform a CMMC Level Conforming Practice gap assessment against the Standard (FAR 52.204-21, NIST SP 800-171r2, etc.).
Help you develop a NIST 800-18 conforming System Security Plan (SSP) and Plan of Action & Milestones (POA&M) to address gaps.
Support POA&M activities, recommendations and remediation, and updates to the SSP and policies to align with the CMMC.
Help you establish evidence of conformance over a 3-to-6-month period to ensure habitual and persistent behavior and operation of the Information Security System.
Perform a Certification Readiness Assessment by identifying artifacts that provide objective evidence of conformance and filling out the documents required by the CMMC Assessment Process (CAP).
Help you identify a reputable C3PAO and support your CMMC Assessment.
Konica Minolta adheres to the following process to get Organizations Seeking Assessment (OSA) and Organizations Seeking Certification (OSC) on their journey.