At BinaryShield, our philosophy is that custom-tailored, proactive solutions aligned with security best practices and regulatory frameworks are the best way to address people, technologies, and facilities and to deliver actionable cybersecurity strategies. One such framework, which has garnered significant attention due to its complexity and transformative nature, is the Cybersecurity Capability Maturity Model (C2M2).
C2M2 is the United States government’s (USG) solution to improve regulatory compliance with NIST SP 800-171. Since the original announcement of this framework, revisions have been implemented as applicability and implementation considerations have been raised and addressed.
In this advisory C2M2 series, BinaryShield will address C2M2’s scope — particularly asset categories and the associated requirements for Defense Industrial Base (DIB) contractors — along with who and what the framework impacts and what it means for you.
Asset Type | Asset Description | DIB Contractor Requirements | C2M2 Assessment Requirements |
---|---|---|---|
Controlled Unclassified Information (CUI) | Assets that process, store, or transmit CUI | | |
Security Protection Assets | Assets that enable security controls to DIB Contractor’s C2M2 Scope — regardless of if the asset processes, stores, or transmits CUI | | |
Contractor Risk Managed Assets | Assets that can—but are not intended to—process, store, or transmit CUI, as well as those that are not required to be separated physically or logically from assets that do | | |
Specialized Assets | | | |
Stay tuned for the upcoming parts of our series on C2M2 guidance, which will include defining assets, data types, and expectations within the scope of C2M2 applicability.
BinaryLab is committed to protecting clients’ sensitive data by proactively addressing security concerns, as well as providing relevant and timely security expertise. For an assessment or more information, contact BinaryLab at 301-337-3131.
About the author
Sergio Orellana is the Chief Cybersecurity Officer of BinaryLab and leads the creation and delivery of enterprise-class cybersecurity and compliance solutions. He is a breach response expert with more than a decade of experience working on large and complex security incidents and investigations.