CMMC Update: Details on Certification Infrastructure and COTS Products

The framework for the DOD’s Cybersecurity Maturity Model Certification (CMMC) process continues to move forward. Here’s an update on what’s currently happening with the CMMC that includes a few more details the DOD and the independent CMMC Accreditation Body have recently released about the nuts and bolts of the certification process.

Continue reading

5 Things You Should Know: CMMC

CMMC has been a hot topic for federal government contractors of late, for good reason: once CMMC is rolled out, contractors under a particular Defense Department procurement must meet the applicable cybersecurity level, or they’ll be considered ineligible.

But in case you’re still wondering what CMMC is and why it matters, let’s take a closer look. Here are five things you should know about the Department of Defense’s new Cybersecurity Maturity Model Certification (“CMMC”).

Continue reading

DOD Cybersecurity Certification Standards Are Official

Well, if you’d been waiting for DOD’s Cybersecurity Maturity Model Certification (CMMC) standards to stop being “draft” before you took a look at them, the wait is over! Version 1.0 (no longer marked draft) was released last week. DoD has indicated it will begin using CMMC requirements in requests for information starting June 2020. Let’s take a look at some of the highlights from the recent release.

Continue reading

GSA Releases IT Security and Authentication Solutions for Federal Agencies

GSA released a Draft Identity, Credentialing, and Access Management (ICAM) Solutions Catalog in response to an Executive Order and a new Office of Management and Budget (OMB) policy. These ICAM Solutions will assist federal agencies in managing and monitoring user access to information systems in order to ensure secure operations and could change security and authentication procedures for federal contractors. From the President on down, cybersecurity, including authentication, is a pressing concern for all federal contractors.

READ MORE

DOD will Require Cybersecurity Certification Starting Fall 2020

It’s not too soon to start thinking about those New Year’s resolutions. Along with other personal goals, federal contractors might want to add a cybersecurity resolution to their list. The Department of Defense has drafted a cybersecurity certification that will be finalized in January 2020. Starting next fall, contractors will have to be certified in order to submit proposals on defense solicitations. Read on for some of the highlights.

Continue reading

Contractors Beware: Government Bans Certain Telecommunications Equipment Effective August 13, 2019

Cybersecurity is a key concern of the federal government, which means that it should be a key concern for federal contractors, too.

To address a perceived cybersecurity risk, the 2019 NDAA prohibited the government from buying telecommunications devices produced by certain companies—namely, Huawei Technologies, ZTE Corporation, or any of their subsidiaries. In a proposed rule announced this week, this ban will be effective beginning August 13, 2019.

Continue reading