What Companies selling in Defense Industry must know - my take on CMMC and NetSuite
I have spent my whole career in business processes, ERP and technology along with a good few years in my career in Defense Industry. I have sold to US Defense Institutions and also to Defense Primes. I now work with #teampaapri and we implement #NetSuite for companies. A good number of our customers use NetSuite and also are in Defense Industry. This is what is coming and companies in Defense Industry must know.
The CMMC - Cybersecurity Maturity Model Certification
CMMC is a maturity model that has collection of processes and best practices that is designed to safeguard confidential information against cyber threats. This, as with any other defense related certifications, is complex, but it can be made very easy with right processes, people and technology. CMMC has five levels.
The whole CMMC is new to the defense contractors, but I have been studying this for sometime and believe that #teampaapri along with #NetSuite can do quite a bit, if not all, to get companies CMMC matured.
Here are some examples:
1) NetSuite allows IP level security. This allows companies to limit access to NetSuite from a specified IP range.
2) NetSuite allows 2-Factor authentication. Companies can enable this for any user/role.
3) NetSuite Security is Role Based - Companies can create roles that will allow or disallow users to view or edit confidential information and drawings.
4) NetSuite creates an audit log of anything that happens which includes who logged in to who has changed or opened a transaction or record.
5) Paapri has created NetSuite scripts and workflows to allow approval of certain documents or transactions, all the way to field level. These can also allow companies to be alerted when some documents are accessed.
6) Almost any sort of documents can be generated from NetSuite, so if a document or certificate has to be attached to a First Article, NetSuite can accommodate that.
7) Capture a Signature or have an employee scan his/her badge before or after something happens - Paapri has solutions for that to manage stringent audit controls.
I am a Cloud Evangelist, so naturally my views will be biased, but if a company's entire operating system is on the cloud - as with NetSuite, gone the days of data storing on premise and physical security. I cannot make claims for NetSuite and its security model against Cyberattacks. But this document explains - https://www.netsuite.com/portal/platform/infrastructure/application-security.shtml
If a company is on NetSuite and is thinking of CMMC Certification, #teampaapri can help. If a company is on on-premise software, with NetSuite it would be very easy. Schedule a 30 min consultation with me or email email@example.com and we can help you either way.
Read more about CMMC on https://www.acq.osd.mil/cmmc/draft.html