The Contracting Education Academy

Contracting Academy Logo
You are here: Home / Archives for manufacturing

By

CMMC: The dramatic year of the Pentagon’s contractor cybersecurity program

In 2020, an ambitious Defense Department effort to account for its suppliers’ cybersecurity had many in the community kicking and screaming in tow, but represents a new collective policy thrust that won’t be dismissed.  

The program, led by Katie Arrington, the chief information security officer for Defense acquisitions, is based on the idea that the government should incorporate security standards into its contract administration.

Arrington’s presentations on the program often include an estimate of how much is lost each year through cyber disruptions — $600 billion, according to research cited in the DOD’s answers to frequently asked questions about the program — and highlight intellectual property theft by China.

Before the idea of CMMC, companies within the defense industrial base simply pledged their adherence to cybersecurity practices outlined by the National Institute of Standards and Technology. A 2015 rule required Defense contractors to report cyber incidents and to provide “adequate security” using NIST Special Publication 800-171 to protect covered information. But it wasn’t until summer 2019 that the Defense Department started checking whether companies were implementing the standard.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2021/01/cmmc-dramatic-year-pentagons-contractor-cybersecurity-program/171084/

By

CMMC model tweaks coming after industry feedback

The foundation of the Cybersecurity Maturity Model Certification (CMMC) — the Department of Defense’s new cyber requirements for contractors — will see some coming changes, its leaders recently said.

The DOD will make alterations to the highest level of the five-tier security model after receiving public comments on the recently issued CMMC Defense Federal Acquisition Regulation System rule.

The department issued an “interim final” rule in September instead of first issuing a proposed rule, which meant the rule took effect upon publication. But there was still a 60-day comment period for industry to weigh in. The Office of Management and Budget, which hosts the council overseeing acquisition rules, allowed for this because of “the threat to national security” embedded in supply chain vulnerabilities, Jessica Maxwell, a DoD spokeswoman said in a statement.

Keep reading this article at: https://www.fedscoop.com/cmmc-model-assessment-guide-to-get-tweaks-after-feedback-from-industry/

 

By

CMMC implementation creates issues for ‘shop floors’

As of Nov. 30, defense contractors and suppliers are required to comply with an interim rule that strengthens implementation of the Cybersecurity Maturity Model Certification (CMMC), which is designed to protect controlled unclassified information from hackers.

In December, the Legal and Policy Committee of the National Defense Industrial Association’s Cybersecurity Division hosted the second in a four-part series of tabletop exercises to dry run the implementation and highlight areas where special attention may be needed.  This exercise focused specifically on the implications for manufacturers in defense supply chains, probing deeper into issues from the first exercise, held in October.

Controlled unclassified information, or CUI, needs to be protected not only in enterprise information systems, but also in shop floor networks and systems where technical data may be at risk. The Defense Federal Acquisition Regulation Supplement 252.204-7012 clause that established CMMC mandates use of 110 security requirements defined by National Institute of Standards and Technology Special Publication 800-171 that are appropriate for information technology systems, but in many instances, not appropriate for operational technology systems as found in manufacturing facilities.

Manufacturing systems are capital investments expected to last 20 years or more.  Many run old operating systems that do not support patches or encryption.  Updates are expensive and rare.  Efficiency requires connectivity and safety requires easy, rapid access.  Workarounds are possible, but smaller manufacturers may need help in implementing them.

Keep reading this article at: https://www.nationaldefensemagazine.org/articles/2021/1/29/cmmc-implementation-creates-issues-for-shop-floors

By

Takeaways from DoD’s proposed changes to certain sourcing restrictions

Pursuant to Sections 817 and 881(b) of the FY 2017 National Defense Authorization Act (NDAA), the Department of Defense (DoD) recently issued a proposed rule to amend certain sourcing restrictions found in DFARS subpart 225.70 and related clauses. 

Specifically the proposed rule would amend the DFARS to:

  • Extend the Berry Amendment’s domestic sourcing restrictions to the acquisition of certain athletic footwear for members of the Armed Forces, when the procurement is valued at or below the simplified acquisition threshold [Section 817], and
  • Recognize that Australia and the United Kingdom of Great Britain and Northern Ireland (the UK) are now members of the National Technology Industrial Base (“NTIB”), thereby permitting the United States to acquire certain items (that are subject to the sourcing restrictions in 10 U.S.C. 2534) if they are manufactured in the UK, Australia, Canada or the United States [Section 881(b)].

Keep reading this article at: https://www.insidegovernmentcontracts.com/2018/10/takeaways-dods-proposed-changes-certain-sourcing-restrictions/

By

Navy’s top acquisition priority stumbles out of the gate

The U.S. Navy’s $122.3 billion Columbia-class ballistic missile submarine program is off to an inauspicious start after faulty welding was discovered in several missile tubes destined for both the Columbia and Virginia-class programs, as well as the United Kingdom’s follow-on SSBN program.
The future ballistic missile submarine Columbia, the lead boat in the next generation of nuclear missile boats. (drawing courtesy of US Navy)

In all, 12 missile tubes manufactured by BWXT, Inc., are being scrutinized for substandard welds. Seven of the 12 had been delivered to prime contractor General Dynamics Electric Boat and were in various stages of outfitting, and five were still under construction. The Navy and Electric Boat have launched an investigation, according to a statement from Naval Sea Systems Command spokesman Bill Couch.

 

“All BWXT welding requiring volumetric inspection has been halted until the investigation is complete,” Couch said.

The bad welds came to light after discrepancies were discovered with the equipment BWXT used to test the welds before shipping them to GDEB, according to a source familiar with the issue.

The discovery of a significant quality control issue at the very outset of fabrication of Columbia injects uncertainty in a program that already has little room for delays. The issue is made even more troubling because it arises from a vendor with an excellent reputation, and raises questions about whether the Navy can deliver Columbia on time, something the Navy says is vital to ensuring continuous nuclear deterrent patrols as the Ohio class reaches the end of its service life.

Keep reading this article at: https://www.defensenews.com/breaking-news/2018/08/06/the-us-navys-top-acquisition-priority-stumbles-out-of-the-gate-after-bad-welds-discovered-in-missile-tubes/

Contracting Academy Logo
75 Fifth Street, NW, Suite 300
Atlanta, GA 30308
info@ContractingAcademy.gatech.edu
Phone: 404-894-6109
Fax: 404-410-6885

RSS Twitter