Defense contractors should expect to see new Cybersecurity Maturity Model Certification (CMMC) version 1.0 requirements in requests for proposals released in November, according to Katie Arrington, chief information security officer in the office of the undersecretary of defense for acquisition and sustainment.
The requirements reflect the Pentagon’s push to protect defense industrial base networks and controlled unclassified information from cyber attacks. The CMMC rules will require contractors to be certified by third-party auditors, which will ensure that companies are adhering to certain standards. Organizations will be required to meet different levels of security, with level one being the lowest and level five the most stringent.
“We understand this is a big cultural shift and we want to ensure that we’re doing everything we can to bring our small business partners right along with us,” she said at the annual Special Operations Forces Industry Conference, which is being held virtually this year due to COVID-19 safety concerns. “We are working on different plans and strategies to help.”
For instance, contractors bidding on a program may not need to have their CMMC certifications until the time of contract award, she noted at the vSOFIC event, which is hosted by the National Defense Industrial Association on behalf of U.S. Special Operations Command.
Keep reading this article at: https://www.nationaldefensemagazine.org/articles/2020/5/11/new-cmmc-rules-for-defense-contractors-to-come-in-november