The Cybersecurity Maturity Model Certification (CMMC) program is supposed to shore up cybersecurity across the DoD’s 300,000+ contractor base. Authentic8’s Abel Vandegrift discusses the progress the Pentagon and other stakeholders have made over the past few months.
Since the start of the pandemic, DoD official Katie Arrington, the acquisition office’s CISO and the public face of the DoD’s effort, has kept in close touch with Defense Industrial Base (DIB) stakeholders via online conferences to provide continual updates and clarifications.
The CMMC program will require all DoD contractors to undergo assessment and third-party certification[1] of their cybersecurity posture to be awarded a DoD contract. The tiered certification program includes five levels corresponding to the sensitivity of the controlled unclassified information (CUI) a contractor will handle under a particular contract.
Accreditation Body in Place, Assessor Certification Underway
Rolling out the requirements will be a slow and measured process. The DoD has handpicked the first 10 requests for information (RFIs) that will include CMMC requirements, scheduled to appear in October after the official acquisition rule is changed. The requests for proposals (RFPs) will follow later this year, and the first contract awards are expected in…
