미국 CMMC 제도 대응을 위한 통합실태조사 제도 개선 연구

Abstract

Recently, thanks to the rapidly growing K-defense industry, Korea's defense industry is rising as one of the world's top 10 powerhouses, and insider information leakage and cyber hacking attacks targeting core defense industry technologies are continuously increasing. The need for defense technology protection is increasing. In response, the government enacted the Defense Industrial Technology Protection Act and conducted annual integrated fact-finding surveys on defense companies to check their cyber security systems. Meanwhile, the US government, which holds the leadership in the defense industry market, is threatening the growth of the domestic defense industry by implementing the CMMC (Cyber Security Maturity Model Certification) system and planning to require CMMC certification from companies in other countries. In this paper, an integrated fact-finding survey improvement model was designed through the analysis of the integrated fact-finding survey checklist and CMMC control items that investigate the cyber security reality of the defense industry, and a solution was proposed for elements not included in CMMC, and the CMMC system was implemented in Korea. Suggested countermeasures for a soft landing. The government and academia are reviewing various policy measures to respond to the US CMMC, such as preparing the K-CMMC certification system. Therefore, this study is expected to help settle the K-CMMC system in the future.