Starting December 2020, DoD contractors and subcontractors were required to comply with the Cybersecurity Maturity Model Certification (CMMC). The DoD no longer accepts the cyber security “self-assessment” check box compliance for contract awards. This has started to appear in new Requests for Proposals (RFPs) and Requests for Information (RFIs). Step 1 in preparing for the CMMC process is having a complete and accurate device asset inventory – and understanding what all these connected devices are doing on your network.
HOW ORDR HELPS PREPARE YOU FOR THE CMMC PROCESS
The Department of Defense (DoD) will begin a phased implementation of the new standard called the Cybersecurity Maturity Model Certification (CMMC). The CMMC contains five levels, ranging from basic hygiene to proactive state-of-the-art protection for Controlled Unclassified Information (CUI). Contractors will no longer be allowed to self-assess.
Every organization doing business with the DoD, including subcontractors, will need to be authorized and accredited by the CMMC. Organizations will need to contract with CMMC Third Party Assessment Organizations (C3PAOs) who will conduct formal assessments and issue CMMC certificates to each Defense Industrial Base (DIB) supply chain organization at the appropriate level to be eligible to receive future contract awards.
Get ready now! Using Ordr in the CMMC pre-assessment phase to obtain an accurate and complete network device asset inventory will save man hours and costs with your C3PAO Assessor consultant. With Ordr, you will have a continuous and accurate asset inventory and understanding of what devices are connected to the network and what those devices are doing “24x7”.
Here's how we help. Ordr offers an agentless, zero touch deployment. Ordr’s sensor connects to a span or tap passively on the network and will not disrupt operations. Within minutes of deployment, you will see what devices are connected, learn what risks they bring, and understand what they are doing in your network. We'll help you address a variety of audit compliance requirements including annual IG and FISMA security audits.
We enable you to do this (and more):
• Maintain a real-time, continuous 24x7 device asset inventory
• Classify every device by make, model, serial number, location, O/S
• Baseline the behavior and communications for each device
• Generate reports to assist CMMC 3PAOs and Assessors
• Visualize network devices via VLAN and network architecture
• Trigger workflows for CMMS, CMDB and ITSM solutions (like ServiceNow)
• Ensure managed devices are running appropriate A/V software

Benefits
Ordr is your single source of "truth" for device inventory
- Show me ALL devices connected to the network -- including all “managed” and “unmanaged” devices: IT, IoT and OT -- and keep that inventory continuously updated in real time
- Identify behavior and map communications for every device so your CMMC assessor can more easily determine what these devices are doing, their risk scores and vulnerability gaps which need to be addressed
- Dramatically reduce the time and effort needed to prepare for your CMMC audit and assessment
- Identify banned devices and manufacturers such as Huawei and ZTE that are prohibited under the U.S. Presidential Directives
- Increase ROI for existing solutions by integrating Ordr asset inventory details with your existing NAC, vulnerability management, firewall, SIEM, CMMS/CMDB solutions.
Resources

Bringing Ordr to CMMC Compliance for Unmanaged Devices
Organizations can leverage Ordr to meet CMMC standards for traditional managed devices, unmanaged devices, network, IoT and OT devices.

NIST Cybersecurity Framework and Ordr
Ordr enables organizations to extend the NIST CSF to cover all assets, inclusive of IoT and OT devices.

5 Ways to Improve Asset Inventory and Management Using Ordr
Download this whitepaper to see 5 ways Ordr can improve your asset inventory and management.