The Cybersecurity Maturity Model Certification (CMMC) framework vaulted forward as the federal Office of Information and Regulatory Affairs formally began its 90-day review period, a precursor to the required change in the Code of Federal Regulations making CMMC mandatory. This forward progress represents the next phase of maturity in the longstanding DOD and DIB public-private partnership and recent attacks suggest it can’t come soon enough.
Microsoft recently disclosed a breach by China-based threat actors, who gained access to email accounts associated with 25 organizations, including government agencies. Considering China’s history of cyber-espionage against the United States, this kind of breach is precisely what the Department of Defense (DOD) is trying to prevent with CMMC 2.0.
Steve Shirley, the executive director of the National Defense Information Sharing & Analysis Center (ND-ISAC) and vice chair of the Defense Industrial Base Sector Coordinating Council (DIB SCC), will join CMMC CON 2023 on Sept. 27 to share the industry perspective and the way forward for DIB contractors.
Prior to ND-ISAC, as Executive Director, Defense Cyber Crime Center (DC3), Shirley led the development and operation of the DOD’s principal cyber threat sharing program with defense contractors and its vulnerability disclosure program. For decades, he has been a leader in efforts to protect the DIB members, operations, technologies, and partners from foreign adversaries and criminal threats.
Register for CMMC CON 2023 to listen in as CyberSheath CEO Eric Noonan interviews Shirley, giving participants greater insight into the history that has led to the government’s development of CMMC 2.0 and what contractors can do to ensure they have the appropriate security posture.