Non-profit MISI launches program to help small business prepare for CMMC 2.0

By Sara Friedman / January 19, 2022 at 11:06 AM

MISI, a Maryland-based accelerator focused on cybersecurity, is starting a new program to help small businesses prepare for the latest changes to the Defense Department’s Cybersecurity Maturity Model Certification program.

The “DOD Supply Chain Cybersecurity CMMC 2.0 and Cyber Resilience Mission Accelerator Program” will help small businesses in Maryland, Georgia, Florida and Virginia get up to speed on version 2.0 of the department’s CMMC program. The MISI program also includes assistance on “cyber compliance and resilience,” according to a MISI release.

MISI said it will offer “highly cost effective virtual coaching, subscriptions to its award winning MSOC security operations center powered by Elastic and periodic red team assessments of the subscribed networks.” MISI receives funding from DOD’s Office of Small Business Programs to help businesses prepare for CMMC under its Project Spectrum initiative.

The new program “prioritizes DOD supply chain manufacturers not part of a current Manufacturing Extension Partnership Program (MEP) but also will support other DOD supply chain small and medium sized businesses,” MISI said. The program is focused on compliance for level one of the CMMC program.

“To be accepted into the program candidate companies must meet certain criteria such as dedicating one resource in the company for a minimum of 2 hours a week” and “have the capabilities needed to support cyber threat data collection in support of the MSOC SIEM and includes a limited subscription to MISI’s JENSIE cyber threat, compliance and red team cloud based platform,” MISI said.

“Companies accepted into the program will be required to pay a discounted one year subscription fee and agree to achieve a better than 80% cyber compliance readiness score within the first seven months of their tenure in the program,” MISI said. The contractor is limiting program participation to 60 companies.

Meanwhile, Microsoft provided guidance to help companies prepare for CMMC in a recent blog post.

“To prepare for CMMC 2.0 we recommend you continue to align your security program to NIST SP 800-171 as well as getting executive buy-in early: proper planning will be vital to achieving CMMC 2.0 in a reasonable timeframe,” Microsoft’s Jason Orcutt wrote in the Jan. 11 posting.

Orcutt urges companies to “[l]everage technology to centralize the process of assessing and providing continuous monitoring of compliance” with CMMC and provides details on Microsoft’s solutions to help businesses achieve this objective.

The posting also has details on how Microsoft can help companies protect controlled unclassified information and logging data.