The Contracting Education Academy

Contracting Academy Logo
You are here: Home / Archives for DoD

By

DoD will require vendor cybersecurity certifications by this time next year

The department released a draft maturity model and timeline for new certification requirements for all of the defense industrial base.

The government has stringent processes for verifying the IT products and services it uses comply with relevant cybersecurity standards, such as authorities to operate for cloud services and supply chain regulations for hardware products. But those standards and processes don’t cover the vendors.

For the Defense Department, this is a critical issue, as doing business with industry requires the department to share sensitive information, even at the earliest steps of the process.

The department has been kicking around the idea of creating a certification standard for defense industrial base companies to ensure vendors’ cybersecurity posture was adequate to handle controlled and classified information. That became an official effort in March, and on Sept. 4th the department released the first draft Cybersecurity Maturity Model Certification, or CMMC, outline for public comment.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2019/09/dod-will-require-vendor-cybersecurity-certifications-time-next-year/159702/

 

 

By

HHS’s suspension of acquisition services leaves outside agencies and contractors in limbo

It’s been three months since the department announced it was closing down its shared services operations, and many questions remain unanswered.

The Health and Human Services Department’s decision to wind down its acquisition services for outside agencies has left customers scrambling to fill the void and a number of unanswered questions.

HHS announced in June that it would no longer offer assisted acquisition services for non-HHS customers through its Program Support Center, and gave them until Sept. 30, 2020, to find alternative providers.  The center works for HHS and 19 other agencies on a fee-for-service basis, administering more than $1.4 billion in contracts per year, Federal News Network reported. Also, the department put four officials associated with the Program Support Center on paid leave between April and June, Bloomberg News reported.

“As the result of an internal review that is ongoing, [the Program Support Center] has determined that it does not have the policies, procedures, or internal controls necessary to conduct assisted acquisitions for agencies outside of HHS,” said Melissa McAbee, acting head of contracting at PSC, according to a report in Bloomberg News.  As of mid-June, the center was managing 250 contracts for agencies besides HHS, including the Defense Department and Environmental Protection Agency.

Keep reading this article at: https://www.govexec.com/management/2019/09/hhss-suspension-acquisition-services-leaves-outside-agencies-and-contractors-limbo/159870/

By

The future of continuous evaluation is just about here, and it has a different name

What started as pilot program for the Defense Department and other agencies in the intelligence community will soon become the key piece to the Trump administration’s overhaul of the suitability, credentialing and security clearance process.

The overhaul itself is called the Trusted Workforce 2.0 initiative, and it’s the administration’s attempt to, at last, modernize a security clearance and vetting system that’s badly in need of an update.

The initiative itself will come in the form of several new policies and procedures, which are due sometime near the end of the year, defense and intelligence officials have said. Everything from the type of security clearances themselves to the standards used to investigate and adjudicate clearance holders will change.

And the continuous evaluation concept, the program DoD and others have used to monitor its cleared population and maintain trust with its employees and contractors, will also evolve.

Keep reading this article at: https://federalnewsnetwork.com/workforce/2019/09/the-future-of-continuous-evaluation-is-just-about-here-and-it-has-a-different-name/

 

By

For DoD, innovation isn’t the problem — so what is?

Three officials from varying military offices focused on innovation asserted that the department’s research and development game is strong, it’s the follow-through that causes problems.

The Defense Department doesn’t have an innovation problem, according to three top officials in charge of leading innovation efforts. The military is very good at coming up with new technologies; the problem comes when services try to adopt those new ideas.

The department has a long history of innovating, according to Steven Walker, director of the Defense Advanced Research Projects Agency, or DARPA, which 50 years ago created the networking protocols that would later become the internet.

“The country is innovative,” he said during a panel Wednesday at the 2019 Defense News Conference. “It’s the application of some of that innovation that we struggle with.”

Keep reading this article at: https://www.nextgov.com/cio-briefing/2019/09/dod-innovation-isnt-problem-so-what/159670/

By

DoD releases public draft of Cybersecurity Maturity Model Certification, seeks industry input

On September 4, the Office of the Assistant Secretary of Defense for Acquisition released Version 0.4 of its draft Cybersecurity Maturity Model Certification (CMMC) for public comment. 

The CMMC was created in response to growing concerns by Congress and within DoD over the increased presence of cyber threats and intrusions aimed at the Defense Industrial Base (DIB) and its supply chains.  In its overview briefing for the new model, DoD describes the draft CMMC framework as a “unified cybersecurity standard” for DoD acquisitions that is intended to build upon existing regulations, policy, and memoranda by adding a verification component to cybersecurity protections for safeguarding Controlled Unclassified Information (CUI) within the DIB.

As discussed in a prior post, the model describes the requirements that contractors must meet to qualify for certain maturity certifications, ranging from Level 1 (“Basic Cyber Hygiene” practices and “Performed” processes) through Level 5 (“Advanced / Progressive” practices and “Optimized” processes), with such certification determinations to generally be made by third party auditors.

The CMMC establishes a new framework for defense contractors to become certified as cybersecurity compliant.  DoD has stated that it intends to release Version 1.0 of the CMMC framework in January 2020 and will begin using that version in new DoD solicitations starting in Fall 2020.  Notwithstanding the pendency of these deadlines, a large number of questions remain outstanding.  DoD is seeking feedback on the current version of the model by September 25, 2019.

Keep reading this article at: https://www.insidegovernmentcontracts.com/2019/09/dod-releases-public-draft-of-cybersecurity-maturity-model-certification-and-seeks-industry-input/

Contracting Academy Logo
75 Fifth Street, NW, Suite 300
Atlanta, GA 30308
info@ContractingAcademy.gatech.edu
Phone: 404-894-6109
Fax: 404-410-6885

RSS Twitter