Tags CMMC 2.0

Working out arrangements with foreign partners is 'next hurdle’ for CMMC implementation

by

"We've had a couple of countries to date that have balked at the prospect of a U.S. person coming and doing an assessment on their soil," Stacy Bostjanick said.

DOD planning to use NIST 800-171 as evaluation criteria for contracts prior to CMMC rule

by

The NIST standards have been part of federal law for contractors for several years, but until now, contracting officers have been "lackadaisical" about enforcing them, said the head of DOD's CMMC program.

DOD exploring requirements for managed service providers under CMMC

by

The Department of Defense has created a new framework of cybersecurity requirements and certifications contractors must achieve under the Cybersecurity Maturity Model Certification (CMMC). But what about the DOD contractors that mostly outsource their IT and cybersecurity to managed service providers? The Pentagon’s CMMC leadership, now housed in its Office of the CIO, is planning to meet soon to address potential requirements for managed service providers under the CMMC framework…

DOD not meeting same standards it plans to hold contractors to under CMMC

by

The Pentagon established new requirements under the Cybersecurity Maturity Model Certification (CMMC) 2.0 program to hold contractors to better protecting sensitive defense data. But the Department of Defense itself hasn’t yet proven it can meet those same standards. Under CMMC 2.0, contractors will have to meet, at minimum, 110 security practices to do business with the U.S. military on projects that call for cybersecurity beyond the most basic level. But…

Pentagon updates timeline for CMMC cybersecurity initiative

by

The Department of Defense hopes to begin implementing its Cybersecurity Maturity Model Certification (CMMC) program requirements in contracts in May 2023, as part of an effort to prod hundreds of thousands of defense contractors to better protect their networks and controlled unclassified information. The requirements are currently going through the federal rulemaking process for the Code of Federal Regulations (CFR) and the Defense Federal Acquisition Regulation Supplement, which is required…

Industry still faces ‘a lot of ambiguity' around CMMC implementation

by

Federal contractors still face a lot of unknowns about how the Pentagon’s controversial Cybersecurity Maturity Model Certification program will be implemented, the head of a leading trade association told lawmakers Tuesday. The CMMC program is an effort to prod the defense industrial base to improve their cybersecurity with new certification-based standards and better protect controlled unclassified information from adversaries. After receiving major pushback from contractors about the burdens and cost…