CMMC and Higher Ed: Understanding the Basics

For colleges and universities around the country, the government’s embrace of the new Cybersecurity Maturity Model Certification (CMMC) means creating a plan to get compliant—or risk losing out on millions of dollars in grant and research funding. Follow along to learn the basics.

  • What is CMMC?
    CMMC is a new regulation and security requirement from the DoD, requiring researchers and universities that receive funding from the DoD to have specifically built secure environments for all of their DoD-funded research. The environments will need to be accessed and regulated by an independent third party, and universities will need to maintain compliance with that assessment program moving forward.

  • Why was CMMC developed?
    Cyberattacks against all institutions increased during the pandemic, but universities have been a special focus. Attacks against the education sector comprised 10% of all cyberattacks in early 2021, compared to 7.5% the year before. The DoD is worried that hackers who break into university databases could also get their hands on sensitive data that could harm national security. The government embraced CMMC as its answer to this increased threat.

  • When do institutions need to implement CMMC?
    While the CMMC has not taken effect yet, higher ed institutions don’t have much time. The Department of Defense (DoD) issued guidance about CMMC 2.0 in November 2021 and, according to the DoD’s CMMC website, “The rulemaking process and timelines can take 9-24 months. CMMC 2.0 will become a contract requirement once rulemaking is completed.” It’s essential that universities start the process now, since the requirements will start showing up in new contract language and grants moving forward. Since the time to build a secure environment for research can sometimes be extensive, it’s much better to start early if you don’t want to lose out on winning grants—or talent.

An Ad-Hoc Approach Won’t Work

Many universities have taken an ad-hoc approach to the cloud, migrating department by department, or even project by project. When organizations or departments spend individual project money to build their own environments, those environments often operate separately from central IT, meaning that there isn’t a lot of visibility on security or privacy protections. But that won’t work for CMMC. To meet CMMC compliance, institutions will need a new process, entirely. Don’t worry, we’ve got you covered. In our e-book, CMMC Compliance in Higher Education: How to Choose a Path to Compliance, we’ll explore three different avenues that universities can take to become compliant, depending on their unique needs. Download our e-book here CMMC Compliance in Higher Education How to Choose a Path to Compliance

 
You may also like...
Enquizit’s Merger With CDW Means End-to-End IT Performance for Customers
Blogs
Blogs
Enquizit’s Merger With CDW Means End-to-End IT Performance for Customers
Blogs
Blogs

For more than 40 years, customers have trusted CDW to deliver exceptional hardware, maintenance, and technology services. Following our merger with CDW, Enquizit’s clients will now be able to tap into deeper resources, including R&D innovation labs and hybrid cloud solutions. Meanwhile, CDW’s customers can now leverage Enquizit’s long history of helping clients solve problems via the cloud.

Read More →
Blogs
Blogs
Demystifying Artificial Intelligence: 3 Use Cases for the Public Sector and Higher Education
Blogs
Blogs
Demystifying Artificial Intelligence: 3 Use Cases for the Public Sector and Higher Education
Blogs
Blogs

Over the past year, the artificial intelligence (AI) phenomenon has taken the world by storm. Almost overnight, hundreds of millions of users were tapping into a host of AI-powered applications to write cover letters, receive tutoring assistance, make appointments, speed up customer service, detect cybersecurity threats, and more. Some analysts have even referred to AI as the “fourth industrial revolution,” parallel to the development of the internet itself.

Read More →
Blogs
Blogs
Is Your IT Project “Shutdown Proof?” 5 Ways Agencies Can Plan Ahead for a Government Shutdown
Blogs
Blogs
Is Your IT Project “Shutdown Proof?” 5 Ways Agencies Can Plan Ahead for a Government Shutdown
Blogs
Blogs

The reality is that shutdowns are now an unpleasant feature of government work. Since the first U.S. government shutdown in 1981, shutdowns have occurred about every four years. Similarly, public sector IT projects take an average of 3.9 years to complete. As such, there’s a high chance that any team working on an IT project within the federal government will experience a shutdown that will threaten the project’s timeline and budget.

Read More →
Blogs
Blogs
BlogsHanna Oh