NIST | The Contracting Education Academy

February 2, 2021 By cs

DoD’s cybersecurity certification requirements to appear in DHS contracts

The Department of Defense is figuring out how to incorporate its Cybersecurity Maturity Model Certification (CMMC) program in contracts offered by the Department of Homeland Security, according to the official helming the initiative.

The CMMC program will ultimately require all defense contractors have their cybersecurity practices certified by a system of independent third party auditors. As it is now, companies simply pledge their adherence to security controls detailed in standards issued by the National Institute of Standards and Technology.

Rules to implement the program are expected to be finalized as early as next month and have caused some heartburn within the contracting community. But the program is being rolled out in phases — 15 prime contractors, and all their subcontractors, are being selected to undergo assessments this year — and won’t be fully applicable until 2025.

That led one participant during a virtual meeting hosted by the Armed Forces Communications & Electronics Association Thursday to suggest organizations might even want to deprioritize complying with the CMMC’s requirements.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2021/01/dods-cybersecurity-certification-requirements-appear-dhs-contracts/171551/

January 8, 2021 By cs

NIST selects 4 awardees for metals-based 3D printing research

The U.S. Department of Commerce’s National Institute of Standards and Technology has awarded nearly $4 million in grants to help accelerate the adoption of new measurement methods and standards to advance U.S. competitiveness in metals-based additive manufacturing (AM).

Georgia Tech Research Corp., the University of Texas at El Paso, Purdue University and Northeastern University will each receive either nearly or exactly $1 million in grants under the Metals-Based Additive Manufacturing Grants Program.

Additive manufacturing typically creates parts and components by building them layer by layer, based on a 3D computer model that is virtually sliced into many thin layers. Metals-based additive processes form parts by melting or sintering material in powder form. The process offers advantages such as reduced material waste, lower energy intensity, reduced time to market and just-in-time production.

Through its own research and with these grants, NIST is addressing barriers to adoption of additive manufacturing, including surface finish and quality issues, dimensional accuracy, fabrication speed, material properties and computational requirements.

The following organizations will receive NIST Metals-Based Additive Manufacturing Grants Program funding to be spent over two years:

Georgia Tech Research Corporation ($1 million)
This project will analyze detailed data gathered during a powder bed fusion process to both control the manufacturing and predict the final properties of the manufactured parts. The goal is to establish a comprehensive basis to qualify, verify and validate parts produced by this technique. The initial focus will be on an alloy of titanium that could see extensive applications in the health care and aerospace sectors.

University of Texas at El Paso ($1 million)
This project will define a test artifact that will standardize the collection of data on the process inputs and performance of parts made via laser powder bed fusion, an important method of metals-based AM. Academic, government and industrial partners will replicate the artifact and collect data on the key inputs to the process and the resulting properties of the artifact for a data repository. The work will lead to a greater understanding of the AM process and will allow for greater confidence in final parts.

Purdue University ($999,929)
Qualification of parts made by AM now requires an extensive set of tests. This project aims to reduce that burden by developing a standardized approach to predict key performance properties through measurements of material microstructures and the use of mathematical models. The work promises to create a streamlined method for industry to understand part performance with less testing than is currently required.

Northeastern University ($999,464)
This project aims to improve sensing approaches and create a suite of sensor technologies that will help optimize cold spray additive manufacturing. Cold spray AM processes have the potential to create parts that are more durable and stronger than those made with other AM processes. New sensors will help characterize the properties of the powder feedstock and the key parameters of the process, such as temperatures and part dimensions, and allow for better control of this promising technique.

In addition to these awards, NIST anticipates funding additional projects as part of a second phase of awards in the first half of 2021.

NIST, a nonregulatory agency of the U.S. Department of Commerce, promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve our quality of life.

Source: https://www.nist.gov/news-events/news/2020/12/nist-awards-nearly-4-million-support-metals-based-additive-manufacturing

December 24, 2020 By cs

Pentagon announces 7 procurements to test out new CMMC process

The Defense Department on Thursday disclosed the first seven contracts that are likely to be the initial test cases for the Cybersecurity Maturity Model Certification (CMMC) program, DoD’s new approach to shoring up its suppliers’ IT security.

The department stopped short of a full commitment to subject the forthcoming Navy, Air Force and Missile Defense Agency procurements to CMMC’s requirements.

In a statement, DoD said only that they are “candidates” under consideration to serve as pathfinders.

The projects, as described by the Pentagon, are:

Navy

Integrated Common Processor
F/A-18E/F Full Mod of the SBAR and Shut off Valve
Yard services for the Arleigh Burke Class destroyer

Air Force

Mobility Air Force Tactical Data Links
Consolidated Broadband Global Area Network Follow-On
Azure Cloud Solution

Missile Defense Agency

Technical Advisory and Assistance Contract

The department did not immediately provide further details on the procurements beyond the descriptions above, but said each of the contracts are expected to be awarded in fiscal 2021.

Keep reading this article at: https://federalnewsnetwork.com/defense-main/2020/12/pentagon-reveals-first-contracts-to-serve-as-pathfinders-for-cmmc/

December 8, 2020 By cs

What DoD’s cyber certification program reveals about info-sharing challenges

As the new regime takes effect, the tech industry’s lead trade association would rather higher level certifications be done by the department than independent third parties.

The Information Technology Industry Council is arguing that the foundation of U.S. cybersecurity policy — information sharing between organizations — presents a security threat that is too costly for many to address in response to a rule implementing the Pentagon’s Cybersecurity Maturity Model Certification Program.

The CMMC program was designed to change the Defense Department’s practice of having contractors simply attest to their own level of cybersecurity and institute a system of third-party auditors to validate required practices are in place.

The department’s Defense Contract Management Agency currently conducts audits of contractors’ cybersecurity through Defense Industrial Base Cybersecurity Assessment Center, or DIBCAC, assessments. But Katie Arrington, the DoD official heading up the CMMC program, said a new ecosystem of private third-party assessors is necessary to scale such reviews across all of the approximately 300,000 companies the department relies on.

Organizations hoping to work with the Defense Department would be required to obtain certification through an accreditation body that entered into a no-cost contract with the Defense Department on Nov. 25. The currently all-volunteer organization will be funded through fees it receives from assessors it trains to conduct audits and individuals it approves as qualified to consult with prospective contractors on CMMC requirements.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2020/12/what-dods-cyber-certification-program-reveals-about-info-sharing-challenges/170400/

December 4, 2020 By cs

Pentagon ready to name first 15 ‘pathfinder’ contracts for CMMC

It’s a significant week for the Defense Department’s Cybersecurity Maturity Model Certification program: New rules that serve as a precursor to the full CMMC implementation took effect on Tuesday, and an announcement of the first 15 contracts that will serve as “pathfinders” for the new model are imminent.

That initial set of procurements would represent the first real-world use of CMMC, the program the department has been building for the past year-and-a-half to shore up the cybersecurity of its industrial base. So far, DoD acquisition officials have only applied the model to contracts in non-punitive tabletop exercises, and without publicly identifying the contracts involved.

The department expects to name the first 15 pathfinders within “the next few days,” Katie Arrington, the chief information security officer in DoD’s acquisition and sustainment office told an industry conference. The announcement has been highly-anticipated as the defense industry waits to see how many vendors could be impacted by the initial pathfinder process.

Meanwhile, earlier this week, two precursors to the full CMMC rollout took effect — part of a sweeping rule change DoD promulgated in September to implement the program. Going forward, almost all vendors bidding on new contracts will have to log into a web portal and attest to which specific security controls in NIST Special Publication 800-171 they’re currently complying with.

Keep reading this article at: https://federalnewsnetwork.com/defense-main/2020/12/pentagon-ready-to-name-first-15-pathfinder-contracts-for-cmmc/