Exostar expands risk management suite with new product to support cybersecurity maturity model certi
Exostar, the leader in trusted, secure business collaboration in aerospace and defense (A&D), life sciences, and healthcare, today announced the launch of Certification Assistant, a risk management product that supports Defense Industrial Base (DIB) organizations’ efforts to comply with and self-attest to NIST SP 800-171 security controls, and to self-assess and document security hygiene against CMMC processes and practices ahead of accreditation audits.
Businesses across the DIB must account for today’s and tomorrow’s cybersecurity requirements identified in Defense Federal Acquisition Regulation Supplement (DFARS) clauses such as 252.204-7012. These requirements currently include the 110 security controls found in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, and will soon incorporate the 171 practices and 5 processes defined in Cybersecurity Maturity Model Certification (CMMC) Version 1 (V1).
“The recent release of CMMC V1 is the first step of a multi-year CMMC implementation and adoption journey,” said Stuart Itkin, Vice President of Marketing and Product Management at Exostar. “During the transition, organizations that serve the DoD directly and indirectly will need to address NIST 800-171 and CMMC simultaneously. 800-171 audits are on-the-rise, and third-party audits are part of the CMMC accreditation process. Certification Assistant empowers all members of the DIB to understand the requirements, conduct self-assessments and execute necessary actions, and prepare for external audits to confirm their cybersecurity capabilities and receive certifications.”
Original equipment manufacturers (OEMs) and suppliers at all tiers of the Department of Defense (DoD) supply chain can use Certification Assistant to help meet and manage NIST SP 800-171 and CMMC requirements, and continually monitor their progress. With the secure, cloud-based product, DoD OEMs and suppliers can:
Access explanations and guidance for all 110 NIST SP 800-171 Revision 2 security controls and CMMC V1’s 171 practices and 5 processes
Conduct complete self-assessments to determine status towards NIST SP 800-171 compliance and achieving each of the five CMMC levels
Collect, upload, and maintain relevant evidence and artifacts
Leverage a robust, easy-to-understand dashboard and a Wizard-like user experience to track actions and progress against unmet security controls, practices, and processes
Assess cybersecurity risk with greater confidence
“No organization should underestimate the time and effort necessary to conduct NIST 800-171 and CMMC self-assessments, prepare for external audits, and coordinate with their DoD supply chain partners to mitigate risk and achieve the necessary compliance and certifications,” said Scott Armstrong, Senior Director and Group Product Manager at Exostar. “Certification Assistant facilitates and brings visibility, consistency, insight, and repeatability to the process, which is particularly important for smaller organizations that may not possess significant cybersecurity resources or expertise. By serving as the secure central repository that tracks cybersecurity hygiene, Certification Assistant helps organizations to protect sensitive information and intellectual property, and best position themselves to pass external audits so they can participate on forthcoming DoD programs.”
Exostar offers three versions of Certification Assistant. The Lite version supports organizations seeking CMMC Level 1 accreditation. The Standard version extends product scope to include NIST SP 800-171 and CMMC Levels 2-3, while the Premium version accounts for 800-171 and all five CMMC levels.
DoD OEMs and suppliers with Exostar Managed Access Gateway (MAG) credentials can access a free, one-year subscription to Certification Assistant Lite today. Others will need to first register and apply for a MAG credential to gain access. Certification Assistant Standard and Premium subscriptions will be available for purchase later in Q2 2020.