Tuesday, January 25, 2022

Subscribers Only

Free

DoD Scraps CMMC 1.0 for CMMC 2.0

For nearly two years, we have been reporting on this blog about the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program. CMMC...

CMMC 2.0 Simplifies Requirements But Raises Risks for Government Contractors

For defense industrial base companies that will provide annual self-assessment affirmations within the CMMC 2.0 framework, steps can be taken to reduce the risk...

GAO: Stakeholder Communication and Performance Goals for Defense Contractors Could Improve CMMC Framework

A GAO report reviews (1) what steps the Department of Defense took to develop CMMC, (2) the extent to which DoD made progress in implementing CMMC, including communication with industry, and (3) the extent to which DoD has developed plans to assess the effectiveness of CMMC. GAO makes three recommendations to the department: to improve […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

DoD Contractors Will Struggle to Meet CMMC Requirements

In an opinion piece for Nextgov, Matt Malarkey of Titania describes the CMMC’s impact on DoD contractors as “a headache that most aren’t prepared for today and are unlikely to be ready for soon,” one which is “wrought with complexity and confusion.” He anticipates that many DoD contractors will struggle to comply with the CMMC […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

U.S. Military Has Taken Action Against Ransomware Groups

Cyber Command head General Paul Nakasone confirms that the U.S. military has taken offensive measures against foreign ransomware groups. Although both he and a DoD spokesperson declined to comment on specifics, Nakasone noted that the government had “imposed costs” on bad actors. President Joe Biden has repeatedly stated his intent to go after ransomware groups […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

CMMC 2.0: Giving Defense Contractors More Time to Do Less (on Cybersecurity)

On November 17, 2021, the Department of Defense published an advanced notice of proposed rulemaking in connection with announced changes to the CMMC for...

CEO of Accreditation Body Describes “Scalability” of CMMC 2.0 Self-Assessment Options

With the “reboot” of CMMC, there is uncertainty about what happens in the meantime. Matthew Travis, CEO of the CMMC Accreditation Body says the goal is to get an interim, voluntary program up and running in early 2022. Travis conceded that the available assessors wouldn’t have been able to meet demand for CMMC 1.0, and […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

Changes Coming to DOD’s Cybersecurity Maturity Model Certification under CMMC 2.0

DOD’s proposal of changes to the CMMC program is responsive to concerns raised by the defense industrial base in several ways, including its simplification of five levels into three, a greater reliance on existing federal sources of cybersecurity guidance (i.e., NIST standards), and—at least in some circumstances—continued allowance of self-attestations of compliance by many defense […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

Cybersecurity Maturity Model Certification (CMMC) 2.0 – What Federal Contractors Need To Know

On November 4, 2021, the Department of Defense issued an Advanced Notice of Proposed Rulemaking by releasing the latest and highly anticipated iteration of the CMMC program – CMMC 2.0. According to the DoD, the streamlined version of CMMC 2.0: Cuts red tape for small and medium-sized businesses Sets priorities for protecting DoD information Reinforces […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

DoD to Offer Incentives for Cybersecurity Before CMMC 2.0

With implementation of CMMC 2.0 possibly years away, Defense Department officials are considering financial rewards and other incentives to get contractors to improve their...