The Contracting Education Academy

Contracting Academy Logo
You are here: Home / Archives for CMMC accreditation

By

Defense contractor cybersecurity certifiers launching ‘national conversation’ webinars

About 3,500 people have registered for the first of a series of webinars organizers are planning to meet the high demand for knowledge of how the Pentagon’s Cybersecurity Maturity Model Certification program will work.

The CMMC Accreditation Body — newly incorporated as a nonprofit in Maryland — emailed stakeholders last Wednesday touting its activity so far in standing up a system to manage audits of defense contractors’ cybersecurity and outlining the next steps.

Implementation of the CMMC will end the current policy of defense contractors self-attesting their adherence to specific security controls, such as those outlined in National Institute of Standards and Technology Special Publication 800-171.

The program has made many in the industry anxious about exactly what auditors will want to see in order to hand over the certifications necessary to do business with the Defense Department and created an ecosystem of independent third parties eager to profit from the system.

Two weeks ago, Ellen Lord, undersecretary of Defense for acquisitions, issued a statement dispelling claims some were making that they could provide the sought-after certifications.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2020/04/defense-contractor-cybersecurity-certifiers-launching-national-conversation-webinars/164332/

By

Coronavirus will not delay Pentagon’s contractor cybersecurity program, official says

The Defense Department officially entered into an agreement with the nonprofit corporation that will serve as the accreditation body for its Cybersecurity Maturity Model Certification program, the chief information security officer for the department’s acquisition office confirmed. 

“Yesterday the CMMC accreditation body made a public post that we have executed the [memorandum of understanding],”  said Katie Arrington, who is spearheading the program and participated in a webcast on the issue Thursday.

A resolute Arrington sought to quash any idea that the government’s efforts to contain the coronavirus pandemic would delay the Defense Department’s plan to validate contractors’ cybersecurity claims using independent third-party auditors.

“We, all of us that are mission-essential, have been working on COVID-19, but,” she said, “although we are working diligently to ensure we are doing our best in the Department of Defense to save lives, work does continue and we are not slowing our roll at all.”

Arrington and other webinar participants noted the extensive impact the CMMC is expected to make across the federal government, its contractors and international partners.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2020/03/coronavirus-will-not-delay-pentagons-contractor-cybersecurity-program-official-says/164152/

By

Industry on pins and needles as DoD and accreditation body work to finalize CMMC agreement

The Defense Department is one small step away from officially getting the Cybersecurity Maturity Model Certification (CMMC) off the starting blocks.

Ellen Lord, the undersecretary of Defense for Acquisition and Sustainment, is ready to sign off on the memorandum of understanding with the CMMC accreditation body that would jumpstart the training of third-party assessment organizations.

Katie Arrington, the chief information security officer for acquisition at DoD, said the MOU is through the clearance process and is just awaiting Lord’s signature.

Arrington, speaking at the Washington Technology CMMC event in McLean, Virginia on March 13, said once the MOU is signed, the six-month push to begin putting CMMC standards in procurements officially will begin.

“The accreditation board, the Johns Hopkins University Applied Physics Laboratory, Carnegie Mellon University and DoD are going through simulations of training, working through the kinks,” she said. “The first session of classes will actually be a lot of the proof in the pudding, and DoD will be there to help through this. This is new so we want to make sure we get it right.”

Keep reading this article at: https://federalnewsnetwork.com/reporters-notebook-jason-miller/2020/03/industry-on-pins-and-needles-as-dod-accreditation-body-to-finalize-cmmc-agreement/

By

U.S. allies considering adopting Pentagon’s CMMC cybersecurity standards

Foreign partners are considering adopting new cybersecurity standards that industry must eventually adhere to if they want to do business with the Pentagon, the Defense Department’s top weapons buyer said recently.

Cybersecurity Maturity Model Certification version 1.0, or CMMC, was released in January. The aim of the initiative is to prod the defense industrial base to better protect its networks and controlled unclassified information against cyberattacks and theft by competitors such as China.  The lower tier of the supply chain is of particular concern to Pentagon officials.

The specific standards that must be met will depend on the program and work that a company will be doing.  The level 1 standards will be the least demanding and level 5 the most burdensome.

Third-party assessors, known as C3PAOs, will be trained and approved by a new accreditation body.  They will have to certify that a company has met the CMMC standards before it can win contracts.

The new model will be phased in over the next five years to give contractors time to adjust.  By fiscal year 2026, all new Defense Department contracts will contain CMMC requirements that companies must meet to win the award.

Now, foreign nations are considering following in the Pentagon’s footsteps, Undersecretary of Defense for Acquisition and Sustainment Ellen Lord said at the annual McAleese & Associates defense programs conference in Washington, D.C.

Keep reading this article at: https://www.nationaldefensemagazine.org/articles/2020/3/4/us-allies-considering-adopting-pentagons-new-cybersecurity-standards-for-industry

Contracting Academy Logo
75 Fifth Street, NW, Suite 300
Atlanta, GA 30308
info@ContractingAcademy.gatech.edu
Phone: 404-894-6109
Fax: 404-410-6885

RSS Twitter