The Contracting Education Academy

Contracting Academy Logo
  • Home
  • Training & Education
  • Services
  • Contact Us
You are here: Home / Archives for CMMC accreditation

December 8, 2020 By cs

What DoD’s cyber certification program reveals about info-sharing challenges

As the new regime takes effect, the tech industry’s lead trade association would rather higher level certifications be done by the department than independent third parties.

The Information Technology Industry Council is arguing that the foundation of U.S. cybersecurity policy — information sharing between organizations — presents a security threat that is too costly for many to address in response to a rule implementing the Pentagon’s Cybersecurity Maturity Model Certification Program.

The CMMC program was designed to change the Defense Department’s practice of having contractors simply attest to their own level of cybersecurity and institute a system of third-party auditors to validate required practices are in place.

The department’s Defense Contract Management Agency currently conducts audits of contractors’ cybersecurity through Defense Industrial Base Cybersecurity Assessment Center, or DIBCAC, assessments.  But Katie Arrington, the DoD official heading up the CMMC program, said a new ecosystem of private third-party assessors is necessary to scale such reviews across all of the approximately 300,000 companies the department relies on.

Organizations hoping to work with the Defense Department would be required to obtain certification through an accreditation body that entered into a no-cost contract with the Defense Department on Nov. 25.  The currently all-volunteer organization will be funded through fees it receives from assessors it trains to conduct audits and individuals it approves as qualified to consult with prospective contractors on CMMC requirements.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2020/12/what-dods-cyber-certification-program-reveals-about-info-sharing-challenges/170400/

Filed Under: Government Contracting News Tagged With: CMMC, CMMC AB, CMMC accreditation, CMMC Accreditation Body, contractor information systems, cybersecurity, Cybersecurity Maturity Model Certification, DCMA, Defense Industrial Base Cybersecurity Assessment Center, DFARS, DIBCAC, DoD, FAR, federal regulations, NIST, SP 800-171

December 4, 2020 By cs

Pentagon ready to name first 15 ‘pathfinder’ contracts for CMMC

It’s a significant week for the Defense Department’s Cybersecurity Maturity Model Certification program: New rules that serve as a precursor to the full CMMC implementation took effect on Tuesday, and an announcement of the first 15 contracts that will serve as “pathfinders” for the new model are imminent.

That initial set of procurements would represent the first real-world use of CMMC, the program the department has been building for the past year-and-a-half to shore up the cybersecurity of its industrial base.  So far, DoD acquisition officials have only applied the model to contracts in non-punitive tabletop exercises, and without publicly identifying the contracts involved.

The department expects to name the first 15 pathfinders within “the next few days,” Katie Arrington, the chief information security officer in DoD’s acquisition and sustainment office told an industry conference.  The announcement has been highly-anticipated as the defense industry waits to see how many vendors could be impacted by the initial pathfinder process.

Meanwhile, earlier this week, two precursors to the full CMMC rollout took effect — part of a sweeping rule change DoD promulgated in September to implement the program.  Going forward, almost all vendors bidding on new contracts will have to log into a web portal and attest to which specific security controls in NIST Special Publication 800-171 they’re currently complying with.

Keep reading this article at: https://federalnewsnetwork.com/defense-main/2020/12/pentagon-ready-to-name-first-15-pathfinder-contracts-for-cmmc/

Filed Under: Government Contracting News Tagged With: CMMC, CMMC AB, CMMC accreditation, CMMC Accreditation Body, contractor information systems, cybersecurity, Cybersecurity Maturity Model Certification, DCMA, Defense Industrial Base Cybersecurity Assessment Center, DFARS, DIBCAC, DoD, FAR, federal regulations, NIST, SP 800-171

November 24, 2020 By cs

DoD contractors: Will you be ready for CMMC on Nov. 30?

Responding to fundamental concerns about the cybersecurity of its private sector supply chain, the Department of Defense (DoD) will begin requiring at the end of this month all of its contractors to comply with a complex and demanding new cybersecurity framework.

Starting on November 30, 2020, contractors working for the DoD will need to comply with the long-anticipated Cybersecurity Maturity Model Certification (CMMC).  This mandatory requirement will be a go/no-go criterion for eligibility for many DoD contracts.

Issued on September 29, 2020 the interim rule, amends the Defense Federal Acquisition Regulation Supplement (DFARS) to establish the DoD Assessment Methodology for contractor cybersecurity certification and implement the CMMC program.

What is the DoD Assessment Methodology?

The DoD Assessment Methodology requirement was developed to address perceived flaws in the self-assessment process.  Currently, under DFARS clause 252.204-7012, contractors must self-certify their compliance with the cybersecurity requirements of NIST SP 800-171 to “covered contractor information systems,” which are generally those that store, process, generate, transmit or access “covered defense information.” Through the interim rule, the DoD Assessment Methodology rates contractor cybersecurity levels as Basic, Medium or High based on the contractor’s implementation of the 110 controls identified under the National Institutes of Standards and Technology (NIST) Special Publication (SP) 800-171.

Keep reading this article at: https://www.mondaq.com/unitedstates/security/1003266/defense-department-contractors-will-you-be-ready-for-cmmc-on-november-30

Filed Under: Government Contracting News Tagged With: CMMC, CMMC AB, CMMC accreditation, CMMC Accreditation Body, contractor information systems, cybersecurity, Cybersecurity Maturity Model Certification, DFARS, DoD, FAR, federal regulations, NIST, SP 800-171

November 9, 2020 By cs

DoD’s first agreement with accreditation body on contractor cybersecurity nears end

Lead official grapples with the challenge of resourcing a federally funded research and development center to act as a gateway for the Pentagon’s certification program. 

The Defense Department is on the cusp of signing a new agreement with the volunteer organization that has been training auditors for its Cybersecurity Maturity Model Certification program, according to DoD’s Katie Arrington, who is leading its implementation.

“They have come light years. We have done two provisional training classes—they’re actually in the middle of the third,” Arrington said during a webinar Tuesday hosted by NeoSystems LLC.  “We in the Department of Defense, are, I think today we finalize the statement of work with them. We had a [memorandum of understanding] previously. We’ve been working on a SOW with the no-cost contract to the AB for five years plus.”

The CMMC, as described in an interim rule now up for comment, was designed to replace the current system of DoD taking contractors at their word regarding cybersecurity practices with one that would require third-party verification that such practices are up to snuff.

In March, the DOD signed an MOU with the volunteer group, which is called the CMMC Accreditation Body, or AB. Under that agreement, the AB was responsible for establishing a “CMMC standard” that would guide its certification of companies seeking to do work with the DoD, based on the department’s tiered model of cybersecurity controls.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2020/10/dods-first-agreement-accreditation-body-contractor-cybersecurity-nears-end/169602/

Filed Under: Government Contracting News Tagged With: CMMC, CMMC accreditation, CMMC Accreditation Body, cybersecurity, Cybersecurity Maturity Model Certification, DFARS, DoD, FAR, federal regulations, NIST, SP 800-171

October 26, 2020 By cs

DoD’s CMMC remains stuck in drama, confusion and concern

Industry experts continue to raise serious concerns about the way forward for the Defense Department’s cybersecurity maturity model certification (CMMC) program.

A technology industry representative told reporters on Oct. 20th that the interim rule DoD published in September didn’t offer enough clarity about the certification process, the costs to become certified and whether there will be reciprocity with other cyber standards. Comments on the interim rule are due Nov. 30 and so far more than two dozen people or organizations have submitted analysis.

The official said they are raising these concerns now because DoD is acting with some urgency to get the program rolled out with the release of the interim rule despite repeated attempts by industry and others to raise these problems.

“The interim rule in September addresses some of these concerns and it adds additional information around the requirements around National Institute of Standards and Technology Special publication 800-171, but it doesn’t really address all of them,” said the technology industry representative, who requested anonymity in order to talk candidly about the CMMC program so as not to hurt their relationship with DoD, during the conference call.

Keep reading this article at: https://federalnewsnetwork.com/defense-industry/2020/10/dods-cmmc-remains-stuck-in-drama-confusion-and-concern/

Filed Under: Government Contracting News Tagged With: CMMC, CMMC accreditation, CMMC Accreditation Body, cybersecurity, Cybersecurity Maturity Model Certification, DFARS, DoD, FAR, federal regulations, NIST, SP 800-171

  • « Previous Page
  • 1
  • 2
  • 3
  • 4
  • …
  • 6
  • Next Page »

Popular Topics

abuse acquisition reform acquisition strategy acquisition training acquisition workforce Air Force Army AT&L bid protest budget budget cuts competition cybersecurity DAU DFARS DHS DoD DOJ FAR fraud GAO Georgia Tech GSA GSA Schedule GSA Schedules IG industrial base information technology innovation IT Justice Dept. Navy NDAA OFPP OMB OTA Pentagon procurement reform protest SBA sequestration small business spending technology VA
Contracting Academy Logo
75 Fifth Street, NW, Suite 300
Atlanta, GA 30308
info@ContractingAcademy.gatech.edu
Phone: 404-894-6109
Fax: 404-410-6885

RSS Twitter

Search this Website

Copyright © 2022 · Georgia Tech - Enterprise Innovation Institute