Cybersecurity Maturity Model Certification for military customers

beaser3

Involved In Discussions
#1
Hi,

We are in the process of getting ready for our CMMC (Cybersecurity Maturity Model Certification) and I am struggling with how to handle CUI (certified unclassified information). For us, I believe the only things that fall into the category are blueprints and part models. Most of our employees need access to blueprints to do shop floor inspections, so they are kept in files that have a large access group. Is a blanket statement signed by each employee stating that they understand the sensitive nature of the docs and agree not to share the data enough to cover the CMMC requirements?

We also need to send models and drawings to our tool and insert vendors and I am not sure what controls they have at their facilities. Some of them are very small shops and I am not sure that they have the ability to put all controls in place. If we "whitewash" our prints and models to remove any reference to customer or military affiliation, would that satisfy the requirements?

I appreciate any help.

thanks,
Lynn
 

blackholequasar

Involved In Discussions
#2
Hey there @beaser3 - we, too, are working towards CMMC this year to be able to continue business with our military customers. We have NOT yet had an audit and we do not maintain certification, but for prints and sensitive controlled documents we provide stamped hard copies in a designated location (a folder for the build). Anyone who accesses that to build product will see the statement and by signing off on the job function (traveler), they are agreeing to the statements therein. At least, that's what we are doing for now.

Also we are certifying that all of our operators are CMMC trained and US citizens or applicable visa holders. I'm not sure if we will encounter issues, however. I've been looking for guidance or understanding on this as well!
 

beaser3

Involved In Discussions
#3
Hi - I was just curious if you have gotten any further on your implementation?
 

blackholequasar

Involved In Discussions
#4
Not much to report just yet, unfortunately. Our IT is currently working on closing security issues by updating all of our software to current supported requirements. But if we encounter anything huge or have a 'eureka' moment, I'll come back here and ping you!
 

blackholequasar

Involved In Discussions
#6
Just wanted to bring life back to this thread, possibly, in regards to CMMC. I've found that it's been difficult to get CMMC implemented in a 'timely manner'... I did find this group on Reddit that is also struggling through it: https://www.reddit.com/r/CMMC/

I think an issue that I've been facing is that our customers are giving us a hard deadline, but the auditors for CMMC are just not available to approve our systems.
 