In 2019, the Department of Defense (DoD) announced the development of the Cybersecurity Maturity Model Certification (CMMC) Program, which was then implemented in 2020 as an interim rule. We blogged about that way back in 2020. This program was designed to give a certification to contractors based on the depth and effectiveness of their cybersecurity systems to help ensure that contractors implement required security measures. As DoD put it, “[t]he CMMC model consists of maturity processes and cybersecurity best practices from multiple cybersecurity standards, frameworks, and other references, as well as inputs from the broader community.” In late December 2023, the DoD issued proposed changes to the CMMC program for “CMMC 2.0,” a plan that DoD began work on back in 2021. In this post, we will take a general look at these proposed changes.
Continue readingTag Archives: cybersecurity
SmallGovCon Week in Review: June 7-June 11, 2021
Happy Friday! It’s been a busy week in federal government contracting news. Among the notable announcements, Federal agencies are staffing up and a new IRS web app has been announced. The Treasury Department laid out its updated vision for its financial management shared services offerings and some companies are considering opting out of working with the Defense Department because of the cost of the Cybersecurity Maturity Model Certification program.
Have a great weekend.
Continue readingDoD CMMC Requirements Begin Rollout November 30
February of 2020 seems like a long time ago, for many reasons. But that was when the official version of the Cybersecurity Maturity Model Certification (CMMC) standards were released. Recently, the DoD issued an interim rule that will update the DFARS to implement the assessment methodology and CMMC framework for DoD procurements as well as add a new requirement for cybersecurity assessment under the NIST SP 800-171 framework. Here are some of the key points.
Continue readingCMMC Update: Details on Certification Infrastructure and COTS Products
The framework for the DOD’s Cybersecurity Maturity Model Certification (CMMC) process continues to move forward. Here’s an update on what’s currently happening with the CMMC that includes a few more details the DOD and the independent CMMC Accreditation Body have recently released about the nuts and bolts of the certification process.
Continue readingYouTube Tuesday: CMMC–Cybersecurity, Trust but Verify Edition
CMMC continues to be in the news as the government ramps up the process to start requiring contractors to be compliant with the Cybersecurity Maturity Model Certification. In this video, I remind contractors why CMMC is so important.
5 Things You Should Know: CMMC
CMMC has been a hot topic for federal government contractors of late, for good reason: once CMMC is rolled out, contractors under a particular Defense Department procurement must meet the applicable cybersecurity level, or they’ll be considered ineligible.
But in case you’re still wondering what CMMC is and why it matters, let’s take a closer look. Here are five things you should know about the Department of Defense’s new Cybersecurity Maturity Model Certification (“CMMC”).
Continue readingDOD Cybersecurity Certification Standards Are Official
Well, if you’d been waiting for DOD’s Cybersecurity Maturity Model Certification (CMMC) standards to stop being “draft” before you took a look at them, the wait is over! Version 1.0 (no longer marked draft) was released last week. DoD has indicated it will begin using CMMC requirements in requests for information starting June 2020.
Let’s take a look at some of the highlights from the recent release.
Continue reading