NIST 800-171, CMMC, DIBCAC, JSVA, CUI - Jaco Aerospace Qualified Distributor
CMMC & DIBCAC Cybersecurity Compliance
Understanding NIST 800-171, JSVA, and CUI protection for Department of Defense contractors
Jaco Aerospace achieved a perfect JSVA score of 110 out of 110, earning both CMMC Level 2 and DIBCAC High certification — demonstrating our commitment to the highest cybersecurity standards for protecting Controlled Unclassified Information (CUI).
110/110: Perfect JSVA Score
Level 2: CMMC Certified
DIBCAC High: Highest Assessment Score
Glossary of Defense Cybersecurity Terms
Is your head spinning? Understanding what this mix of acronyms and cybersecurity compliance requirements means for you can help you see how organizations protect sensitive information, especially when dealing with the U.S. Department of Defense (DoD).
Jaco Aerospace's Perfect JSVA Score
As a woman-owned small business, Jaco Aerospace completed the Joint Surveillance Voluntary Assessment (JSVA) with a perfect score of 110, demonstrating our rigorous adherence to security protocols. This in-depth assessment was conducted by the DCMA Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) alongside a CMMC Certified 3rd Party Assessment Organization (C3PAO) for the CMMC program. It confirmed our adherence to the 110 cybersecurity standards outlined in NIST SP 800-171, affirming our capability to protect Controlled Unclassified Information (CUI). This achievement highlighted our early compliance and earned us a "DIBCAC high" score, qualifying us for automatic CMMC Level 2 Certification advancement.
Our dedication to meticulous preparation over the years led to our flawless performance in the JSVA. As DIBCAC noted, we were the smallest organization they assessed. Yet, we presented one of the most robust compliance packages they had seen, implementing a comprehensive cybersecurity program without needing any corrective action plans.
Key Achievement: Jaco Aerospace was the smallest organization assessed by DIBCAC, yet presented one of the most robust compliance packages — passing with zero corrective action plans required.
Adhering to the CMMC is crucial for safeguarding CUI, which is essential for national security. Our completion of the JSVA places us among the select few organizations prepared to engage in new contracts under the CMMC Level 2 Certification requirement. This readiness is supported by our existing compliance with NIST 800-171, AS9120 certifications, and ITAR capabilities, underscoring our commitment to upholding the highest security standards for the Department of Defense.
The CMMC framework's full integration into DoD contracts is anticipated by 2025. This initiative will enhance how government contractors and subcontractors protect CUI across their networks and systems.
Securing CUI is like mailing a valuable gift; it requires meticulous packing and careful handling, as prescribed by NIST SP 800-171 and CMMC guidelines. DIBCAC's role resembles that of a postal inspector, ensuring our compliance with these security protocols before dispatch. The JSVA is a collaborative effort with the DoD to verify and improve our cybersecurity practices, like inviting an expert to help secure a package. This collective approach to cybersecurity ensures that sensitive information is managed securely, akin to ensuring a valuable parcel is delivered safely and intact.
Understanding CMMC, NIST 800-171, DIBCAC & JSVA
What is Cybersecurity Maturity Model Certification (CMMC)?
Purpose: CMMC is a standard that ensures all companies doing business with the DoD have adequate cybersecurity measures. It's designed to protect Controlled Unclassified Information (CUI) that flows through the defense industrial base.
Levels: There are different levels of certification, ranging from Level 1 to Level 3, with each level representing a step up in security, sophistication, and robustness. The higher the level, the more stringent the security measures a company must have in place.
Assessment: Before being awarded DoD contracts, companies must pass an evaluation by certified third-party assessors to prove they meet the required cybersecurity maturity level.
What is NIST SP 800-171?
Purpose: This is a set of standards developed by the National Institute of Standards and Technology (NIST) to protect the confidentiality of CUI when processed, stored, and used in non-federal information systems and organizations.
Requirements: NIST SP 800-171 outlines requirements that organizations must fulfill in areas like access control, incident response, and system and information integrity. These are less about specific technologies and more about managing risk and securing sensitive data.
Compliance: Organizations must self-assess and ensure they comply with these requirements to work with the federal government. It's a part of showing they are serious about cybersecurity.
What is the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC)?
The DIBCAC is a branch of the Defense Contract Management Agency (DCMA) that audits and evaluates defense contractors' cybersecurity practices to ensure compliance with required standards, such as NIST SP 800-171. DIBCAC's assessments validate the security measures contractors claim to have, guaranteeing that these measures effectively safeguard sensitive defense information, including CUI.
What is a Joint Surveillance Voluntary Assessment (JSVA)?
The JSVA is a cooperative initiative where contractors voluntarily partner with the Department of Defense (DoD) to assess their cybersecurity posture. This helps both parties to understand and manage the risks associated with CUI and other sensitive information. In a JSVA, teams consisting of members from both the contractor and the DoD review the implementation of cybersecurity practices and controls. This collaborative approach enhances the security of information systems through shared insights and proactive management.
Cybersecurity Compliance Requirements for DoD Contractors
General Idea: Organizations must follow these rules and standards to protect information from cyber threats. Compliance is crucial for securing sensitive information and maintaining trust in the digital age.
Scope: Depending on the data handled and the sector in which the organization operates, compliance might include adhering to standards like CMMC, NIST 800-171, GDPR, or HIPAA.
Benefits: In addition to protecting data, compliance helps organizations improve their security practices, build customer trust, and avoid penalties for non-compliance.
Why Cybersecurity Compliance Matters
Think of cybersecurity compliance like the safety inspections required for cars. Just as vehicles must meet specific safety standards before being driven, organizations must meet particular cybersecurity standards before working with the DoD or handling sensitive information. CMMC and NIST SP 800-171 are specific checklists of what safety features and practices need to be in place, ranging from essential locks (low-level requirements) to advanced alarm systems (high-level requirements). Compliance ensures that all parts of the 'vehicle' (the company's cyber infrastructure) are in good working order to prevent data breaches and protect national security.
Securing CUI is like handling a valuable package that needs special wrapping and handling instructions. DIBCAC is like a quality control inspector who checks that the business follows all the rules for packaging and handling correctly. JSVA is akin to a collaborative safety drill where the shipping company and inspector work together to find the best safe and secure delivery methods.
Organizations must meet specific cybersecurity standards such as CMMC and NIST SP 800-171 to protect such valuable 'packages.' Compliance with these standards helps prevent data breaches, safeguard national security, and maintain trust in digital interactions.