Tags Cybersecurity Maturity Model Certification (CMMC)

DOD addressing 'obstacle course' of impediments holding back work with cybersecurity startups

by

John Sherman and others in the Pentagon are working to eradicate roadblocks keeping cybersecurity startups and other companies from scaling business with the Department of Defense.

Working out arrangements with foreign partners is 'next hurdle’ for CMMC implementation

by

"We've had a couple of countries to date that have balked at the prospect of a U.S. person coming and doing an assessment on their soil," Stacy Bostjanick said.

DOD planning to use NIST 800-171 as evaluation criteria for contracts prior to CMMC rule

by

The NIST standards have been part of federal law for contractors for several years, but until now, contracting officers have been "lackadaisical" about enforcing them, said the head of DOD's CMMC program.

DOD looking to cloud vendors to accelerate zero trust and CMMC adoption

by

DOD will look to cloud vendors to support two of its premier cybersecurity initiatives, CISO Dave McKeown said.

Cyber AB launches voluntary CMMC assessment program for defense contractors

by

The independent organization that oversees accreditations under the Defense Department’s new Cybersecurity Maturity Model Certification program has given defense contractors the greenlight to undertake voluntary CMMC assessments as they await a final rule from the DOD. The Cyber AB — formerly known as the CMMC Accreditation Body — issued a draft document Tuesday detailing the assessment process that third-party organizations will need to follow in certifying that DOD contractors can…

DOD exploring requirements for managed service providers under CMMC

by

The Department of Defense has created a new framework of cybersecurity requirements and certifications contractors must achieve under the Cybersecurity Maturity Model Certification (CMMC). But what about the DOD contractors that mostly outsource their IT and cybersecurity to managed service providers? The Pentagon’s CMMC leadership, now housed in its Office of the CIO, is planning to meet soon to address potential requirements for managed service providers under the CMMC framework…

DOD not meeting same standards it plans to hold contractors to under CMMC

by

The Pentagon established new requirements under the Cybersecurity Maturity Model Certification (CMMC) 2.0 program to hold contractors to better protecting sensitive defense data. But the Department of Defense itself hasn’t yet proven it can meet those same standards. Under CMMC 2.0, contractors will have to meet, at minimum, 110 security practices to do business with the U.S. military on projects that call for cybersecurity beyond the most basic level. But…

Pentagon updates timeline for CMMC cybersecurity initiative

by

The Department of Defense hopes to begin implementing its Cybersecurity Maturity Model Certification (CMMC) program requirements in contracts in May 2023, as part of an effort to prod hundreds of thousands of defense contractors to better protect their networks and controlled unclassified information. The requirements are currently going through the federal rulemaking process for the Code of Federal Regulations (CFR) and the Defense Federal Acquisition Regulation Supplement, which is required…

Industry still faces ‘a lot of ambiguity' around CMMC implementation

by

Federal contractors still face a lot of unknowns about how the Pentagon’s controversial Cybersecurity Maturity Model Certification program will be implemented, the head of a leading trade association told lawmakers Tuesday. The CMMC program is an effort to prod the defense industrial base to improve their cybersecurity with new certification-based standards and better protect controlled unclassified information from adversaries. After receiving major pushback from contractors about the burdens and cost…