The Contracting Education Academy

Contracting Academy Logo
  • Home
  • Training & Education
  • Services
  • Contact Us
You are here: Home / Archives for controlled unclassified information

September 10, 2020 By cs

CMMC auditors about to wrap up training

Highly anticipated audits related to the Pentagon’s new Cybersecurity Maturity Model Certification process are inching closer, with auditors assigned to evaluate companies expected to complete their training by the end of September, according to the official spearheading the initiative.

Industry has been waiting with bated breath for the audits as part of CMMC implementation, which is meant to protect defense industrial base networks and controlled unclassified information from cyberattacks. Contractors will be required to meet different levels of security — Level 1 being the lightest and Level 5 the most stringent — depending on the type of work they are performing. The new rules will require contractors to be certified by third-party auditors to ensure that companies are adhering to certain standards.

Katie Arrington, chief information security officer in the office of the undersecretary of defense for acquisition and sustainment and the Defense Department’s point person on CMMC, said training for the first batch of auditors began Aug. 31.

“We’ll be starting to get some provisional assessors out into the marketplace very soon,” she said Sept. 2 during the Department of the Navy Gold Coast Small Business Procurement Event. The webinar was hosted by the San Diego Chapter of the National Defense Industrial Association. “Within a couple of weeks, we should have some capability out in the environment.”

Keep reading this article at: https://www.nationaldefensemagazine.org/articles/2020/9/2/cmmc-auditors-about-to-wrap-up-training

Filed Under: Government Contracting News Tagged With: auditors, C3PAO, CMMC, CMMC AB, CMMC accreditation, CMMC Accreditation Body, commercial item, commercial products, Congress, controlled unclassified information, COTS, Cybersecurity Maturity Model Certification. DoD, NDIA

August 14, 2020 By cs

Changes to the CMMC Advisory Board as Congress turns up scrutiny of cyber standards

Less than two months after the Cybersecurity Maturity Model Certification (CMMC) advisory board became official, there’s already changes afoot.

Two original members of the advisory board have recently left.  John Weiler, CEO of the IT Acquisition Advisory Committee (IT-ACC), and Jim Goepel, the CEO and general counsel for Fathom Cyber LLC, are no longer listed on the main board of directors section.

Goepel left for personal reasons, while Weiler decided to work with the CMMC AB in a new way.

The change comes as the Senate and House armed services committee members turn up the heat on the CMMC by adding nine  provisions — six from the Senate — in the fiscal 2021 Defense authorization bill.

Keep reading this article at: https://federalnewsnetwork.com/reporters-notebook-jason-miller/2020/08/changes-to-the-cmmc-advisory-board-as-congress-turns-up-scrutiny-of-cyber-standards/

Filed Under: Government Contracting News Tagged With: C3PAO, CMMC, CMMC AB, CMMC accreditation, CMMC Accreditation Body, commercial item, commercial products, Congress, controlled unclassified information, COTS, Cybersecurity Maturity Model Certification. DoD

August 5, 2020 By cs

Pentagon expects 7,500 companies CMMC certified by 2021

The Defense Department anticipates that by next year 7,500 companies in its industrial base will hold certifications that they meet new cybersecurity requirements.

The Cybersecurity Maturity Model Certification version 1.0 requirements are part of the Pentagon’s push to protect industrial base networks and controlled unclassified information from cyber attacks. The CMMC rules will require contractors to be certified by third-party auditors, which will ensure that contractors are adhering to certain standards. Organizations will be required to meet different levels of security requirements depending on the type of work they are doing, with level 1 being the least burdensome and level 5 the most stringent.

An “estimated 7,500 companies will be certified in 2021,” Katie Arrington, chief information security officer in the office of the undersecretary of defense for acquisition and sustainment, said during a webinar hosted by cybersecurity company Celeruim “That doesn’t seem like a lot but if you think about the interconnectivity of the [defense industrial base] it’s a certification that’s good for all DoD contracts for three years.”

By 2026, all solicitations are expected to include CMMC standards that companies must meet if they want to do business with the Pentagon.

Keep reading this article at: https://www.nationaldefensemagazine.org/articles/2020/7/23/pentagon-expects-7500-companies-cmmc-certified-by-2021

Filed Under: Government Contracting News Tagged With: C3PAO, CMMC, CMMC AB, CMMC accreditation, CMMC Accreditation Body, commercial item, commercial products, controlled unclassified information, COTS, Cybersecurity Maturity Model Certification. DoD

July 2, 2020 By cs

Defense information network to host data repository for contractors’ cybersecurity audits, official says

Applications are now available for aspiring assessor organizations, which will also need to have their security certified.

Information about organizations seeking a stamp of approval under the Pentagon’s new Cybersecurity Maturity Model Certification program will be stored on the Department of Defense Information Network, according to the head of the accreditation body working with DOD on the CMMC.

Currently, DOD contractors mostly pledge adherence to requisite cybersecurity practices. The CMMC, taking effect with a rule change expected this fall, will require all defense contractors to have their cybersecurity status audited and certified by an independent third party before they can do business with the department.

The program has raised concerns among some contractors about cybersecurity for the apparatus being set up to manage the certifications and audit data, such as a repository DOD officials will use at the time of award to check whether prospective prime contractors and their associated subcontractors have achieved the necessary certification.

“DOD intends to maintain their instance [of the repository] on the DOD network and we will be responsible for populating that,” said Ty Schieber, chairman of the board for the CMMC accreditation body.

Keep reading this article at: https://www.nextgov.com/cio-briefing/2020/06/defense-information-network-host-data-repository-contractors-cybersecurity-audits-official-says/166375/

Filed Under: Government Contracting News Tagged With: C3PAO, CMMC, CMMC AB, CMMC accreditation, CMMC Accreditation Body, commercial item, commercial products, controlled unclassified information, COTS, cybersecurity, Cybersecurity Maturity Model Certification, DoD

June 26, 2020 By cs

Accreditation body to begin training CMMC auditors

An accreditation body facilitating implementation of the Pentagon’s Cybersecurity Maturity Model Certification (CMMC) version 1.0 has opened up training for third-party auditors, according to an official.

The upcoming cyber requirements are a reflection of the Pentagon’s push to protect defense industrial base networks and controlled unclassified information from cyber attacks.  The CMMC rules will require contractors to be certified by third-party auditors, which will ensure that companies are adhering to certain standards.  As the initiative is phased in, contractors will have to meet different levels of security depending on the work they are performing, with level 1 being the lowest and level 5 the most stringent.

“We are busy doing pathfinders in the DoD. We are getting ready to launch our pilots,” Katie Arrington, chief information security officer in the office of the undersecretary of defense for acquisition and sustainment, said June 24 during a webinar hosted by cybersecurity company PreVeil.  “The Accreditation Body opened the door for training registration for [certified third-party assessor organizations] two days ago.”

The CMMC Accreditation Body was set up to train organizations conducting CMMC compliance assessments on behalf of the Pentagon.

Keep reading this article at: https://www.nationaldefensemagazine.org/articles/2020/6/24/pentagon-to-begin-training-thirdparty-cmmc-auditors

Filed Under: Government Contracting News Tagged With: C3PAO, CMMC, CMMC AB, CMMC accreditation, CMMC Accreditation Body, commercial item, commercial products, controlled unclassified information, COTS, Cybersecurity Maturity Model Certification. DoD

  • 1
  • 2
  • 3
  • Next Page »

Popular Topics

abuse acquisition reform acquisition strategy acquisition training acquisition workforce Air Force Army AT&L bid protest budget budget cuts competition cybersecurity DAU DFARS DHS DoD DOJ FAR fraud GAO Georgia Tech GSA GSA Schedule GSA Schedules IG industrial base information technology innovation IT Justice Dept. Navy NDAA OFPP OMB OTA Pentagon procurement reform protest SBA sequestration small business spending technology VA
Contracting Academy Logo
75 Fifth Street, NW, Suite 300
Atlanta, GA 30308
info@ContractingAcademy.gatech.edu
Phone: 404-894-6109
Fax: 404-410-6885

RSS Twitter

Search this Website

Copyright © 2023 · Georgia Tech - Enterprise Innovation Institute