Purdue University Graduate School

ASSESSING COMMON CONTROL DEFICIENCIES IN CMMC NON-COMPLIANT DOD CONTRACTORS

thesis
posted on 2022-07-05, 21:04 authored by Vijayaraghavan Sundararajan

As cyber threats become highly damaging and complex, a new cybersecurity compliance certification model has been developed by the Department of Defense (DoD) to secure its Defense Industrial Base (DIB) and communication with its private partners. These partners, or contractors, are obligated by the Defense Federal Acquisition Regulations (DFARS) to be compliant with the latest standards in computer and data security. The new model is the Cybersecurity Maturity Model Certification (CMMC), and it is built upon the existing DFARS 252.204-7012 and NIST SP 800-171 controls. As of 2020, the DoD has incorporated DFARS and the National Institute of Standards and Technology (NIST) recommended security practices into what is now the CMMC. This thesis examines the most commonly identified security control deficiencies faced by 127 DoD contractors, the attacks mitigated by addressing these deficiencies, and the remediations suggested to bring them into compliance with the CMMC guidelines. Working with a compliance service provider, it analyzes how companies are undergoing and implementing important changes in their processes to protect crucial information from ever-growing and looming cyber threats.

Degree Type

  • Master of Science

Department

  • Information Security

Campus location

  • West Lafayette

Advisor/Supervisor/Committee Chair

James-Eric Dietz

Additional Committee Member 2

James E. Lerums

Additional Committee Member 3

Eugene Spafford