Michael Morello
Katie Arrington, the acting CIO for the Department of Defense, is fiercely determined to enforce the requirements of the Cybersecurity Maturity Model Certification (CMMC), considering it a primary defense against China’s cyber incursions – and one she expects the Defense Industrial Base (DIB) to meet.
Among best practices suggested for achieving CMMC is maintaining a comprehensive, accurate asset inventory, because it defines the borders of an organization’s networks. This is often difficult to create – asset ecosystems are growing, vulnerability gaps are easy to miss, and compiling accurate reports on a tight budget is challenging. Having such an inventory requires continuous assessment, as IT ecosystems are in constant flux. It is be useful for other compliance requirements, such as meeting Peripheral Component Interconnect (PCI) communications standards or HIPAA privacy standards.