The Center for Education and Research in Information Assurance and Security (CERIAS)


The Most Common Control Deficiencies in CMMC non-compliant DoD contractors

Author

Vijay Sundararajan, Arman Ghodousi

Entry type

article

Abstract

This article presents the most commonly identified Security Control Deficiencies (SCD) faced, the attacks mitigated by addressing these SCD, and the remediations suggested to 127 DoD contractors in order to bring them into compliance with the newly formed CMMC guidelines, as well as the requirements and significance of cybersecurity compliance for small-midsized businesses.

Date

2021-02-01

Address

45 N Salisbury Street Apt. 20 West Lafayette, IN USA

Booktitle

ISSA Journal - February 2021

Edition

Issue 2

Editor

Jack Freund

Institution

Purdue University

Journal

ISSA

Key alpha

Sundararajan

Organization

ISSA

Pages

31-35

Publisher

ISSA

School

Purdue University

Volume

Volume 19

Affiliation

Ph.D. Student, Purdue University and Cybersecurity Specialist at Secure Open Solutions (SOS)

Publication Date

2021-02-01

Contents

• Introduction
• Information used to assess SCD based on the NIST800-171 protocol
• How does the assessment categorize the compliance status?
• SCD, attacks associated, and remediation suggested in descending order of prevalence
• Conclusion
• References

Copyright

©2021 Information Systems Security Association, Inc. (ISSA)

Subject

Present state of information security controls in US DoD contractors who are subject to CMMC level-3 compliance.
