Highly anticipated audits related to the Pentagon’s new Cybersecurity Maturity Model Certification process are inching closer, with auditors assigned to evaluate companies expected to complete their training by the end of September, according to the official spearheading the initiative.
Industry has been waiting with bated breath for the audits as part of CMMC implementation, which is meant to protect defense industrial base networks and controlled unclassified information from cyberattacks. Contractors will be required to meet different levels of security — Level 1 being the lightest and Level 5 the most stringent — depending on the type of work they are performing. The new rules will require contractors to be certified by third-party auditors to ensure that companies are adhering to certain standards.
Katie Arrington, chief information security officer in the office of the undersecretary of defense for acquisition and sustainment and the Defense Department’s point person on CMMC, said training for the first batch of auditors began Aug. 31.
“We’ll be starting to get some provisional assessors out into the marketplace very soon,” she said Sept. 2 during the Department of the Navy Gold Coast Small Business Procurement Event. The webinar was hosted by the San Diego Chapter of the National Defense Industrial Association. “Within a couple of weeks, we should have some capability out in the environment.”
Keep reading this article at: https://www.nationaldefensemagazine.org/articles/2020/9/2/cmmc-auditors-about-to-wrap-up-training
Two original members of the advisory board have recently left. John Weiler, CEO of the IT Acquisition Advisory Committee (IT-ACC), and Jim Goepel, the CEO and general counsel for Fathom Cyber LLC, are no longer listed on the main board of directors section.
The Cybersecurity Maturity Model Certification version 1.0 requirements are part of the Pentagon’s push to protect industrial base networks and controlled unclassified information from cyber attacks. The CMMC rules will require contractors to be certified by third-party auditors, which will ensure that contractors are adhering to certain standards. Organizations will be required to meet different levels of security requirements depending on the type of work they are doing, with level 1 being the least burdensome and level 5 the most stringent.
Information about organizations seeking a stamp of approval under the Pentagon’s new Cybersecurity Maturity Model Certification program will be stored on the Department of Defense Information Network, according to the head of the accreditation body working with DOD on the CMMC.
The upcoming cyber requirements are a reflection of the Pentagon’s push to protect defense industrial base networks and controlled unclassified information from cyber attacks. The CMMC rules will require contractors to be certified by third-party auditors, which will ensure that companies are adhering to certain standards. As the initiative is phased in, contractors will have to meet different levels of security depending on the work they are performing, with level 1 being the lowest and level 5 the most stringent.
