Gone are the days when Cybersecurity Maturity Model Certification (CMMC) was the issue keeping us up at night. Now that COVID-19 coverage has overtaken the news cycle and upended government and businesses alike, it has been hard to focus on anything else but coronavirus. But, according to the Department of Defense (DoD), the show must go on despite the disruption coronavirus has caused to the workforce. In fact, CMMC milestones and deadlines are still being executed on a tight clip.

Many already viewed the process of trying to meet or assess their level of compliance as a financial burden which is now compounded by operating with a largely remote workforce. However, in light of increased cyber attacks against government networks and the private sector, implementing CMMC requirements – especially now – may actually be a blessing. CMMC requires government contractors to achieve certain cybersecurity standards in order to qualify for contract awards. But these standards are also designed to protect the networks of government contractors too regardless of the goods or services they provide to the Defense Industrial Base (DIB).

In reality, the much anticipated CMMC is good…

Read More…

Since the start of the pandemic, DoD official Katie Arrington, the acquisition office’s CISO and the public face of the DoD’s effort, has kept in close touch with Defense Industrial Base (DIB) stakeholders via online conferences to provide continual updates and clarifications.

The CMMC program will require all DoD contractors to undergo assessment and third-party certification^[1] of their cybersecurity posture to be awarded a DoD contract. The tiered certification program includes five levels corresponding to the sensitivity of the controlled unclassified information (CUI) a contractor will handle under a particular contract.

Accreditation Body in Place, Assessor Certification Underway

Rolling out the requirements will be a slow and measured process. The DoD has handpicked the first 10 requests for information (RFIs) that will include CMMC requirements, scheduled to appear in October after the official acquisition rule is changed. The requests for proposals (RFPs) will follow later this year, and the first contract awards are expected in…

Подробнее…

Kim Koster VP Unanet

It’s Time for Govcon to Comply with New Cybersecurity Model 

By Kim Koster

One of the many lessons to come out of the ongoing global health crisis is that, even amid quarantines, stay-home orders, and a drastic slowdown in business and economic activity, cyber threats never rest — and in some instances, even escalate.

The Covid-19 CTI League, an ad hoc group of security experts that is working to neutralize cyber threats during the pandemic, recently hammered that lesson home, saying “the amount of COVID-19 related cyberattacks is surging,” with widespread reports of “suspicious domains, compromised infrastructures, and other cyber-attacks by malicious actors.” 

The persistence of cybercrime during the coronavirus pandemic hasn’t been lost on the U.S. Department of Defense (DoD). As of late June, the agency appeared intent to keep to its aggressive schedule for implementing a new set of tighter cybersecurity standards that defense contractors must meet in order to be considered for DoD contracts.

While the new standards included in DoD’s Cybersecurity Maturity Model Certification (CMMC) program were unveiled in January…

Read More…

Read More…