The Department of Defense released the final Model Version 1.0 of the Cybersecurity Maturity Model Certification framework in January. The development of the CMMC framework is part of DoD's efforts to enhance the protection of sensitive data within the Federal supply chain.
The CMMC framework adds a verification and audit component to DoD's cybersecurity requirements. It is anticipated that all contractors throughout the DoD supply chain will need to reach some level of CMMC certification if they are to receive future DoD contracts and subcontracts.
DoD, in an effort to enhance supply chain security, developed new cybersecurity standards that contractors and suppliers must meet to participate in future DOD acquisitions. Through the CMMC, DoD has transformed cybersecurity as a foundational element to the current DoD acquisition criteria of cost, schedule, and performance.
The CMMC Accreditation Body, or CMMC-AB, is a private, non-profit organization charged with selecting and training CMMC third-party assessment organizations, or C3PAOs. The C3PAOs ultimately will be responsible for assessing and certifying contractors.
Certifications will be good for three years, and they are company-specific, meaning once a company is certified, any DOD branch or agency will accept the certification. The DOD and AB currently are drafting a CMMC Memorandum of Understanding that will outline the parties’ rules, roles, and responsibilities.
Katie Arrington, chief information security officer at the Office of the Assistant Secretary of Defense for Acquisition and a 2020 Wash100 Award recipient, will serve as a keynote speaker at the CMMC Forum 2020. She will address the CMMC's timeline, how the certification process could change and will provide a memorandum of understanding with a newly established CMMC accrediting body.
A full expert panel will include Ty Schieber, senior director of executive education and CMMC-AB chairman of the University of Virginia and Richard Naylor of the Defense Counterintelligence and Security Agency (DCSA) among other members of the federal sector and industry.
Register here to join Potomac Officers Club for its CMMC Forum 2020 on April 2nd to learn about the impact DoD's CMMC will have on cybersecurity practices, supply chain security and other aspects of the federal market.