The Defense Department says it will finalize and announce changes to its Cybersecurity Maturity Model Certification program “very soon,” as the department tries to strike a balance between its security goals and the costs and uncertainties the model will impose on contractors. Deputy Defense Secretary Kathleen Hicks launched a review of the CMMC earlier this […]
Industry associations say their members are losing patience with the government due to the slow pace of information sharing about GSA’s OASIS contract and DoD’s Cybersecurity Maturity Model Certification program. Late last week, the IT Industry Council, the Professional Services Council and the National Defense Industrial Association wrote to DoD to share their members concerns […]
Three government contractor groups – the National Defense Industry Association, the Professional Services Council, and Information Technology Industry Council – have written to Deputy...
The U.S. Space Force is working to wrap up a new cybersecurity certification process for commercial communications constellations in Low Earth Orbit, which have greater management requirements than more sparsely deployed traditional comsats in higher, geostationary orbits. The service’s Commercial Satellite Communications Office will update its 2019 Infrastructure Asset Pre-Assessment (IA-Pre) program with new cybersecurity […]
The Defense Department has created a new Supply Chain Resiliency Working Group, dedicated to addressing challenges with its supply chain visibility and resiliency, including...
Private Health Information of Well-Known Defense Department Personnel is Accessible to Other DoD Personnel
The Defense Department Office of Inspector General performed an audit to determine whether the department effectively controlled access to health information of well-known DoD personnel. Using a sample of 38 individuals who had become well-known to the public, GAO determined that DoD “did not effectively control access to health information of well‑known DoD personnel and […]
In an opinion piece for Federal News Network, Eric Crusius of Holland & Knight and Ed Bassett of NeoSystems welcome the DoD’s ongoing review of the Cybersecurity Maturity Model Certification program, because there are several areas they believe need improvement. Their observations and recommendations include: The cost of obtaining a CMMC certification can be especially […]
There’s a lot of buzz about the Cybersecurity Maturity Model Certification regulations introduced by the Department of Defense. Rightfully so – it’s a BIG deal. However, contractors would be better served spending more energy on starting to take action vs. trying to determine when the program will become effective or apply to their specific organization […]
During an event sponsored by Washington Technology, CMMC Accreditation Body CEO Matt Travis says that CMMC assessors can begin their work once some training...
A new software repository is helping the Army more rapidly deploy patches and other updates to units, and to identify which have downloaded them. This is a big improvement over its previous method of mailing CDs containing software updates. For example, following the SolarWinds breach, most units had the company’s patch within a day. The […]