ABSTRACT
Auditing is becoming an increasingly more important aspect of cybersecurity. In early 2020, the Department of Defense (DoD) announced that they will require 3rd party Cybersecurity Maturity Model Certification (CMMC) audits of their contractors that process DoD data. The CMMC is a certification procedure developed by the DoD to certify contractors have the effective cybersecurity controls to protect data sensitive data. Categories in scope include Federal Contract Information and Controlled Unclassified Information (CUI). More and more industries, companies, and regulators are stepping up and not just trusting but verifying that the cyber controls are in place using effective auditing methods.
