Eric Noonan


What to Do if Your Prime is Asking You to Demonstrate Compliance with DFARS 252.204-7012 and NIST 800-171?

Lockheed Martin and other prime contractors are contacting their suppliers and requesting a security status update, in many cases requesting a demonstration of compliance before the DOD November 30th deadline. If you’ve received this request, you’re not alone. We’re helping


DOD Released a New Interim Final DFARS Rule Covering CMMC and NIST 800-171

Defense Federal Acquisition Regulation Supplement: Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041) is here. Often referred to as CMMC, this long-awaited and hotly debated Interim Rule harmonizes legacy (DFARS clause 252.204-7012) and future (CMMC) requirements with the following


Calling Industry's Bluff: The DOD Emergency Action on NIST 800-171 Compliance

The Department of Defense (DOD) has instituted an emergency action, possibly to confirm what is already widely known about cybersecurity compliance among the defense industrial base (DIB). Self-certification for defense contractors has enabled “barely there” cybersecurity unless you are one


Recent DOD Audit on Controlled Unclassified Information Finds Contractors Not Secure

Have contractors implemented the NIST 800-171 controls? DOD Inspector General (IG) audit suggests not, recommends third-party audits. Are you ready?

A recent audit conducted in response to a request from the Secretary of Defense determined that DOD contractors did not consistently implement DOD‑mandated system security controls for safeguarding Defense information. Specifically, Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012 requires contractors that maintain Controlled Unclassified Information (CUI) to implement security controls specified in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, which lists security requirements for safeguarding sensitive information on non-Federal information systems. The requirements include controls for user authentication, user access, media protection, incident response, vulnerability management, and confidentiality of information.


Everything You Should Do to Effectively Prepare for Cybersecurity Maturity Model Certification (CMMC)

CyberSheath has attended multiple listening sessions and events with DOD leadership revealing more information regarding the DOD Cybersecurity Maturity Model Certification (CMMC). I want to expand on our previous blog with additional details and actionable plans on what DOD contractors need to do to prepare for the changes.

What We Understand about CMMC so Far

CMMC stands for “Cybersecurity Maturity Model Certification” and will encompass multiple maturity levels that range from “Basic Cybersecurity Hygiene” to “Advanced”. The intent is to identify the required CMMC level in Request for Proposals (RFP) sections L and M to be used as a “go / no go decision.” This means that instead of the ability to bid and win a contract and then comply post-award with cybersecurity requirements, DOD contractors will have to be certified to the CMMC level required in advance, pre-bid, to even be eligible to bid.
