The Most Common Control Deficiencies in CMMC non-compliant DoD contractors
Author
Vijay Sundararajan, Arman Ghodousi
Abstract
This article presents the most commonly identified Security Control Deficiencies (SCD) faced, the attacks mitigated by addressing these SCD, and the remediations suggested to 127 DoD contractors in order to bring them into compliance with the newly formed CMMC guidelines, along with the requirements and significance of cybersecurity compliance for small-to-midsized businesses.
Address
45 N Salisbury Street
Apt. 20
West Lafayette, IN
USA
Booktitle
ISSA Journal - February 2021
Institution
Purdue University
Affiliation
Ph.D. Student, Purdue University and Cybersecurity Specialist at Secure Open Solutions (SOS)
Publication Date
2021-02-01
Contents
• Introduction
• Information used to assess SCD based on the NIST800-171 protocol
• How does the assessment categorize the compliance status?
• SCD, attacks associated, and remediation suggested in descending order of prevalence
• Conclusion
• References
Copyright
©2021 Information Systems Security Association, Inc. (ISSA)
Subject
Present state of information security controls in US DoD contractors who are subject to CMMC level-3 compliance.