Achieving CMMC Compliance


The exfiltration of unclassified data poses a critical threat to the U.S. Department of Defense (DoD), jeopardizing national defense and costing the economy up to $600 billion annually. To counteract this, the DoD initiated the Cybersecurity Maturity Model Certification (CMMC) Program, aimed at safeguarding the defense industrial base (DIB) from evolving and sophisticated cyber threats. Keysight plays a key role in helping defense contractors achieve CMMC security compliance.

CMMC enables defense contractors and subcontractors to comply with information protection requirements for Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). It emphasizes protection at a level commensurate with the risk from cybersecurity threats, including advanced persistent threats. CMMC, introduced on Dec. 26, 2023, streamlines the program, reducing maturity levels from five to three and allowing contractors to perform self-assessments for some levels. CMMC aligns directly with National Institute of Standards and Technology (NIST) Special Publications 800-171 Rev. 2 and 800-172. The three CMMC levels are: 1) Foundational, for organizations with FCI, requiring annual self-assessment, certification, and affirmation; 2) Advanced, for those managing CUI, necessitating implementation of 110 cybersecurity controls aligned with NIST SP 800-171 Rev. 2; and 3) Expert, which addresses organizations with high-priority CUI, adding 24 enhanced practices based on NIST SP 800-172 and requiring government-issued assessments every three years.

Defense contractors must prepare for CMMC, as it becomes a requirement for all defense contracts starting October 1, 2026. Non-compliance can result in exclusion from future contracts and breach of existing contracts. Keysight offers comprehensive support for CMMC compliance at every level with products that include Threat Simulator, Cyber Range, network packet brokers, and others. Threat Simulator automates security assessments, facilitating nuanced testing and repeatability, which allows teams to continuously test control points to improve their security posture. Keysight’s network packet brokers meet the highest security standards and ensure NIST 800-171 Rev. 2 and 800-172 compliance by sending accurate network data to analysis tools. Keysight Cyber Range, a cybersecurity operations platform, aids in CMMC requirements and workforce preparation, offering a hyper-realistic, live-fire cyber range for simulated real-world attacks with hands-on training for security teams. Aerospace and defense professionals choose Keysight to address access control, awareness and training, audits and accountability, configuration management, incident response, risk assessment, security assessment, and system communications protection.

Keysight’s long history in aerospace and defense supports critical areas such as chipset design, networking, IoT, and security. The broad Keysight portfolio spans from secure military communications to 5G, enabling engineers to push the limits in various defense domains. This white paper provides the details necessary to initiate the certification process today with Keysight as your CMMC compliance partner. As a trusted ally, Keysight is dedicated to securing your sensitive information to ensure the continuity of DoD business for U.S. Government contractors.