CMMC 2.0 Level 2

Status

Completed

100% complete, updated on Fri 6/30/23 2:07 PM by Rachel Battista

Changed Status from In Process to Completed.
Completed with a score of 110 per NIST 800-171. It will now transition to Operational between RTT and IT InfoSec.

Details

Dates: Thu 9/1/22 - Fri 6/30/23
Acct/Dept: Technology Transfer
Type: IT-General / Workflow (Re-engineering, streamlining)
Health: Green - On track
Requirements:
- Roles, responsibilities, and processes that dictate the flow of information and decision making around: CUI project notification, access control, background check vetting, Sponsor contract language/requirements, research requests, and multi-university research collaborations.
- Non-technical security processes and compliance governance that include, but are not limited to, self-assessment audits, reporting out of audit scores and potential compliance risks, security awareness training, incident response, and risk management, both physical and digital.
- Self-auditing of the CMMC framework for long-term growth and compliance, change management, reporting on measurable program gains/benefits to Mines, and financial processes for research contract charges.
Created: Fri 11/4/22 2:23 PM
Modified: Fri 6/30/23 2:07 PM
Closed: Fri 6/30/23 2:07 PM

New Project Request

Point of Contact
This can either be the project manager or the person who knows the most about the project. Note that the project manager is assigned after the project is created.
What is the desired completion date?
Please note that projects will be completed based on resource availability and prioritization.
04/28/2023
Any additional information about this request that you would like to include?
Who does this project help? What happens if this project is not completed?
This project is critical to the compliance with and functionality of the CMMC program for Controlled Unclassified Information. It is the foundation for all CUI projects both within the digital govcloud environment and without.

If this project is not completed, we will not reach a 110 compliance score or have a proper framework for vetting researchers, physical security, risk assessment, or incident response.

Description

CMMC stands for the Cybersecurity Maturity Model Certification. It is a framework developed by the United States government specifically addressing the transfer, use, and storage of Controlled Unclassified Information (CUI) in the Department of Defense (DoD) supply chain. All vendors or contractors to the DoD who handle CUI must be CMMC compliant. The regulatory document that houses the requirements determining compliance is NIST 800-171.
Mines, as a DoD contractor with CUI, must achieve CMMC compliance.
Mines will create a framework of processes, the number and detail of which are still unknown, centered on the non-technical aspects of compliance. The main categories of processes focus on Access Control, Sponsor/Research Needs, Security Administration/Reporting, Governance, and Auditing. This framework will be the foundation for all CUI contracts, including but not limited to those with physical space requirements, physical CUI if applicable, govcloud data within the Secure Government Enclave, or any other configurations as yet unknown.

Manager

Sponsor