At its most basic level, under CMMC 2.0, defense contractors and subcontractors that have access to controlled unclassified information (CUI) will be required to demonstrate the “maturity” of their cybersecurity programs against a set of increasingly advanced capabilities.
By Jaspreet Gill
“In my mind, these are some of these avenues that we’re looking at at an idea phase now to see if we can put resources behind it,” said Robert Vietmeyer, director for cloud and software modernization.
By Jaspreet Gill
“For instance, in the CMMC realm, rather than go out and assess each and every network of our industry partners, I’m kind of keen on establishing some sort of cloud services […]” said David McKeown, DoD deputy chief information officer and senior information security officer.
By Jaspreet Gill
“There’s a cost to your IP, there’s a cost to the US government and there’s a benefit to our adversaries if we don’t do something like this,” DoD Chief Information Officer John Sherman said of the Cybersecurity Maturity Model Certification program.
By Jaspreet Gill
That conclusion is part of the National Defense Industrial Association’s third annual Vital Signs 2022 report, which offers an analysis of the US’s defense industrial base.
By Jaspreet Gill
DoD said it will be “increas[ing] oversight of professional and ethical standards of third-party assessors.”
By Brad D. Williams
CMMC 1 is “what you’ve got to have to make sure your neighbor is not in your Netflix,” quipped Stacy Bostjanick, director of CMMC. “It’s very easy, and commensurate with basic cyber hygiene. I recommend that everyone get there, but as a COTS provider, you don’t have to.”
By Kelsey Atherton
“A determined adversary with the right capabilities is going to find their way in, especially if they put all their resources to bear on it,” said Karlton Johnson, the chair of the CMMC Accreditation Body board of directors.
By Kelsey Atherton
Designed to help secure the supply chain, CMMC requires the defense industrial base to protect Controlled Unclassified Information.
By Barry Rosenberg
“This is the start of a new day in the Department of Defense where cybersecurity, as we’ve been saying for years is foundational for acquisitions, we’re putting our money where our mouth is. We mean it,” Katie Arrington says.
By Kelsey Atherton
The NSA cannot mandate patching on its own, but the new Cybersecurity Maturity Model Certification (CMMC) allows the Pentagon to penalize companies in its supply chain that fail to adequately protect their networks.
By Kelsey Atherton
Undersecretary Ellen Lord took pains today to emphasize companies would have plenty of time and plenty of help to meet new security standards. Is she going too slow?
By Sydney J. Freedberg Jr.