For defense industrial base companies that will provide annual self-assessment affirmations within the CMMC 2.0 framework, steps can be taken to reduce the risk...
GAO: Stakeholder Communication and Performance Goals for Defense Contractors Could Improve CMMC Framework
A GAO report reviews (1) what steps the Department of Defense took to develop CMMC, (2) the extent to which DoD made progress in implementing CMMC, including communication with industry, and (3) the extent to which DoD has developed plans to assess the effectiveness of CMMC. GAO makes three recommendations to the department: to improve […]
In an opinion piece for Nextgov, Matt Malarkey of Titania describes the CMMC’s impact on DoD contractors as “a headache that most aren’t prepared for today and are unlikely to be ready for soon,” one which is “wrought with complexity and confusion.” He anticipates that many DoD contractors will struggle to comply with the CMMC […]
Cyber Command head General Paul Nakasone confirms that the U.S. military has taken offensive measures against foreign ransomware groups. Although both he and a DoD spokesperson declined to comment on specifics, Nakasone noted that the government had “imposed costs” on bad actors. President Joe Biden has repeatedly stated his intent to go after ransomware groups […]
On November 17, 2021, the Department of Defense published an advanced notice of proposed rulemaking in connection with announced changes to the CMMC for...
With the “reboot” of CMMC, there is uncertainty about what happens in the meantime. Matthew Travis, CEO of the CMMC Accreditation Body, says the goal is to get an interim, voluntary program up and running in early 2022. Travis conceded that the available assessors wouldn’t have been able to meet demand for CMMC 1.0, and […]
DOD’s proposal of changes to the CMMC program is responsive to concerns raised by the defense industrial base in several ways, including its simplification of five levels into three, a greater reliance on existing federal sources of cybersecurity guidance (i.e., NIST standards), and—at least in some circumstances—continued allowance of self-attestations of compliance by many defense […]
On November 4, 2021, the Department of Defense issued an Advanced Notice of Proposed Rulemaking by releasing the latest and highly anticipated iteration of the CMMC program – CMMC 2.0. According to the DoD, the streamlined version of CMMC 2.0: cuts red tape for small and medium-sized businesses; sets priorities for protecting DoD information; reinforces […]
With implementation of CMMC 2.0 possibly years away, Defense Department officials are considering financial rewards and other incentives to get contractors to improve their...