Cybersecurity

Small businesses ask Congress to focus CMMC on primes and DOD

Jonathan Williams, a partner at the Washington, D.C.-based law firm PilieroMazza, told lawmakers much of small businesses concerns could be assuaged if DOD and prime contractors shoulder the burden.

Acquisition

First CMMC assessment organization approved

The accrediting body overseeing the Defense Department's Cybersecurity Maturity Model Certification program announced the debut of the first organization authorized to assess defense contractors.

Acquisition

CMMC assessor training expected in late summer

The professional training needed to carry out assessments for the Defense Department's unified cybersecurity standard for contractors won't kick off until later this summer.

Acquisition

Is it time to test the limits -- and potential -- of expanding CMMC?

Calls for a certified baseline of cybersecurity seem to increase with every cyberattack. Is the CMMC model the right template for a universal and independently verifiable way to protect supply chains?

Cybersecurity

CMMC board adds new training head, board members

Melanie Kyle Gingrich will take over training daily operations for the Cybersecurity Maturity Model Certification Accreditation Body as the vice president of training and development.

Cybersecurity

CMMC announces new advisory council to collect industry feedback

The new organization will eventually produce regular public reports and address common industry concerns like the cost of implementation.

Cybersecurity

Space Force satellite communications contract gets nod for CMMC

A request for information for the Inmarsat Broadband Global Area Network and Global Xpress contract was amended March 31 to include requirements for the CMMC pilot program.

Cybersecurity

Mandatory review of DOD's compliance on CMMC is delayed

The Defense Department was supposed to submit a review to Congress by March 1 assessing whether components complied with the guidelines of the Cybersecurity Maturity Model Certification program. That deadline has been pushed to June.

Cybersecurity

First set of CMMC certification orgs emerge

The Defense Department's unified cybersecurity program is making gains with its first tranche of certifying bodies, but assessments for defense contractors are a ways off.

Cybersecurity

CMMC board preps for staff changes

The body in charge of standing up and running the Defense Department’s unified cybersecurity standard is shifting its staffing arrangement.

Cybersecurity

CMMC board's training lead resigns

Ben Tchoubineh, the CMMC accreditation body's chair for training and CMMC board member Nicole Dean, the chief information security officer for Accenture, have voluntarily resigned, FCW has learned.

Acquisition

GSA preps guidance for using CMMC in civilian contracts

The General Services Administration wants to get ahead on training and education materials contracting officers will need as Cybersecurity Maturity Model Certification requirements become standard.

Cybersecurity

CMMC reciprocity in sight for 2021

The Defense Department is still figuring out how to give contractors reciprocity with the Cybersecurity Maturity Model Certification program and similar certifications, but the end is close, officials say.

Cybersecurity

Final rule, formal training orgs on CMMC could hit this summer

A final rule on the Defense Department's unified cybersecurity standard could debut as soon as this summer but implementation hinges on standing up a formal training system.

Acquisition

CMMC countdown is on but are there enough assessors to do the job?

Katie Arrington, DOD's CISO for acquisition, said having enough assessors to do in-person audits of defense contractors is her biggest concern.

Cybersecurity

Civilian-side CMMC

The General Services Administration will add more supply chain and cybersecurity protection language, including DOD's CMMC requirements for vendors, to its new contracts as risks grow, according to one of the agency's top acquisition managers.

Acquisition

NSA warns contractors on China hacks

The National Security Agency released details on 25 existing vulnerabilities that Chinese state-sponsored threat groups are using to try to penetrate defense industrial base networks.

Acquisition

Real-world CMMC

FCW asked two contract lawyers what vendors really need to know about the Cybersecurity Maturity Model Certification program.

Cybersecurity

DOD releases interim cybersecurity rule

The rule is designed to ensure DOD contractors are adhering to a uniform standard for protecting controlled unclassified information is protected. But while trade groups representing government and defense contractors have lauded the framework but criticized the implementation and rulemaking process.

Cybersecurity

How to shift CMMC for the future

While the goal of Cybersecurity Maturity Model Certification is to establish a unified standard for cybersecurity practices across the DOD, it does not directly address specific control expectations or risks associated with organization-specific threat actors.