The Contracting Education Academy

Archives for CMMC Accreditation Body

October 23, 2020 By cs

DoD’s interim rule adds a new twist to implementing cyber maturity model

The Defense Department released one of the last major pieces to complete the Cybersecurity Maturity Model Certification (CMMC) program puzzle.

The Pentagon issued an interim rule under the Defense Federal Acquisition Regulations on Sept. 29 to add more clarity around the implementation timeline and around the requirements contractors will have to adhere to over the next five years.

One surprise among observers is the new requirement for vendors working at medium or high security levels to undergo an assessment by the government of how they comply with the standards outlined in Special Publication 800-171 from the National Institute of Standards and Technology.

“The assessment uses a standard scoring methodology, which reflects the net effect of NIST SP 800-171 security requirements not yet implemented by a contractor, and three assessment levels (basic, medium and high), which reflect the depth of the assessment performed and the associated level of confidence in the score resulting from the assessment,” the interim rule stated. “A basic assessment is a self-assessment completed by the contractor, while medium or high assessments are completed by the government. The assessments are completed for each covered contractor information system that is relevant to the offer, contract, task order, or delivery order.”

Keep reading this article at: https://federalnewsnetwork.com/defense-industry/2020/09/dods-interim-rule-adds-a-new-twist-to-implementing-cyber-maturity-model/

Filed Under: Government Contracting News Tagged With: CMMC, CMMC accreditation, CMMC Accreditation Body, cybersecurity, Cybersecurity Maturity Model Certification, DFARS, DoD, FAR, federal regulations, NIST, SP 800-171

October 14, 2020 By cs

DoD’s interim rule imposes new assessment requirements but is short on detail on implementation of CMMC

Two weeks ago, the Department of Defense (DoD) released an interim rule that industry hoped would provide clear guidance with regard to DoD’s implementation of its Cybersecurity Maturity Model Certification (CMMC) framework. 

The vast majority of the rule focuses on DoD’s increased requirements for confirming that contractors are currently in compliance with all 110 security controls in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 (NIST 800-171).  The interim rule also includes a clause for adding CMMC as a requirement in a DoD contract, but the clause fails to address many of the questions that industry has with regard to implementation of the CMMC program.

The rule becomes effective November 30, 2020.

DoD has been focused on improving the cyber resiliency and security of the Defense Industrial Base (DIB) sector for over a decade.  The Council of Economic Advisors estimates that malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016.  The interim rule is one of multiple efforts by DoD focused on the broader supply chain security and resiliency of the DIB and builds on existing FAR and DFARS clause cybersecurity requirements.  Increasing security concerns coupled with recent high-profile data breaches have led DoD to move beyond self-certification to auditable verification systems when it comes to protecting sensitive Government information.

Keep reading this article at: https://www.insidegovernmentcontracts.com/2020/10/department-of-defenses-interim-rule-imposes-new-assessment-requirements-but-is-short-on-detail-on-implementation-of-cmmc/

See previous articles on NIST 800-171 and the CMMC here and here respectively.

Filed Under: Government Contracting News Tagged With: CMMC, CMMC accreditation, CMMC Accreditation Body, cybersecurity, Cybersecurity Maturity Model Certification, DFARS, DoD, FAR, federal regulations, NIST, SP 800-171

September 10, 2020 By cs

CMMC auditors about to wrap up training

Highly anticipated audits related to the Pentagon’s new Cybersecurity Maturity Model Certification process are inching closer, with auditors assigned to evaluate companies expected to complete their training by the end of September, according to the official spearheading the initiative.

Industry has been waiting with bated breath for the audits as part of CMMC implementation, which is meant to protect defense industrial base networks and controlled unclassified information from cyberattacks. Contractors will be required to meet different levels of security — Level 1 being the lightest and Level 5 the most stringent — depending on the type of work they are performing. The new rules will require contractors to be certified by third-party auditors to ensure that companies are adhering to certain standards.

Katie Arrington, chief information security officer in the office of the undersecretary of defense for acquisition and sustainment and the Defense Department’s point person on CMMC, said training for the first batch of auditors began Aug. 31.

“We’ll be starting to get some provisional assessors out into the marketplace very soon,” she said Sept. 2 during the Department of the Navy Gold Coast Small Business Procurement Event. The webinar was hosted by the San Diego Chapter of the National Defense Industrial Association. “Within a couple of weeks, we should have some capability out in the environment.”

Keep reading this article at: https://www.nationaldefensemagazine.org/articles/2020/9/2/cmmc-auditors-about-to-wrap-up-training

Filed Under: Government Contracting News Tagged With: auditors, C3PAO, CMMC, CMMC AB, CMMC accreditation, CMMC Accreditation Body, commercial item, commercial products, Congress, controlled unclassified information, COTS, Cybersecurity Maturity Model Certification. DoD, NDIA

August 14, 2020 By cs

Changes to the CMMC Advisory Board as Congress turns up scrutiny of cyber standards

Less than two months after the Cybersecurity Maturity Model Certification (CMMC) advisory board became official, there are already changes afoot.

Two original members of the advisory board have recently left.  John Weiler, CEO of the IT Acquisition Advisory Committee (IT-ACC), and Jim Goepel, the CEO and general counsel for Fathom Cyber LLC, are no longer listed on the main board of directors section.

Goepel left for personal reasons, while Weiler decided to work with the CMMC AB in a new way.

The change comes as the Senate and House armed services committee members turn up the heat on the CMMC by adding nine provisions — six from the Senate — in the fiscal 2021 Defense authorization bill.

Keep reading this article at: https://federalnewsnetwork.com/reporters-notebook-jason-miller/2020/08/changes-to-the-cmmc-advisory-board-as-congress-turns-up-scrutiny-of-cyber-standards/

Filed Under: Government Contracting News Tagged With: C3PAO, CMMC, CMMC AB, CMMC accreditation, CMMC Accreditation Body, commercial item, commercial products, Congress, controlled unclassified information, COTS, Cybersecurity Maturity Model Certification. DoD

August 5, 2020 By cs

Pentagon expects 7,500 companies CMMC certified by 2021

The Defense Department anticipates that by next year 7,500 companies in its industrial base will hold certifications that they meet new cybersecurity requirements.

The Cybersecurity Maturity Model Certification version 1.0 requirements are part of the Pentagon’s push to protect industrial base networks and controlled unclassified information from cyber attacks. The CMMC rules will require contractors to be certified by third-party auditors, which will ensure that contractors are adhering to certain standards. Organizations will be required to meet different levels of security requirements depending on the type of work they are doing, with level 1 being the least burdensome and level 5 the most stringent.

An “estimated 7,500 companies will be certified in 2021,” Katie Arrington, chief information security officer in the office of the undersecretary of defense for acquisition and sustainment, said during a webinar hosted by cybersecurity company Celerium. “That doesn’t seem like a lot but if you think about the interconnectivity of the [defense industrial base] it’s a certification that’s good for all DoD contracts for three years.”

By 2026, all solicitations are expected to include CMMC standards that companies must meet if they want to do business with the Pentagon.

Keep reading this article at: https://www.nationaldefensemagazine.org/articles/2020/7/23/pentagon-expects-7500-companies-cmmc-certified-by-2021

Filed Under: Government Contracting News Tagged With: C3PAO, CMMC, CMMC AB, CMMC accreditation, CMMC Accreditation Body, commercial item, commercial products, controlled unclassified information, COTS, Cybersecurity Maturity Model Certification. DoD


Copyright © 2022 · Georgia Tech - Enterprise Innovation Institute