CMMC

The intelligence supply chain needs prompt attention, but any solutions do not necessarily require moving all production back to the United States. The country can rely on some critical sources overseas, but it cannot expect just any vital component to be available any time it is needed.

Cybersecurity program managers are facing the dilemma of appropriately balancing compliance with threat tracking and mitigation. Today, amidst the ever-growing problem of data breaches, organizations are investing in protection. But simply complying with security and privacy standards seldom means systems and data are automatically secure.

Recent actions by cybermarauders have illustrated the importance of the Cybersecurity Maturity Model Certification (CMMC) thrust by the Defense Department, and new assessment guides can help lay the groundwork for companies to meet CMMC requirements, according to government officials.These and other key points were presented at the AFCEA CMMC Lunch and Learn session held on March 19. The last of a series of CMMC lunch presentations, this session focused on requirements for the National Institute of Standards and Technology (NIST). But, government experts addressed several other key issues related to CMMC implementation.

The future enterprise will be edge-centric, cloud enabled and data driven, said Bill Burnham, CTO, U.S. Public Sector Business Unit, Hewlett Packard Enterprise.

He shared his ideas during an AFCEA online event titled “The Edge Is Where the Action Is!”

Adversaries are stepping up their efforts to exfiltrate information and weaken the U.S. supply chain through cyberspace. These efforts aim to both wreck the country from within and strengthen the hand of the adversary wielding the digital sword, according to a U.S. government official.

New government security measures are designed with these challenges in mind, and they can help secure targeted small businesses. The Cybersecurity Maturity Model Certification (CMMC), which is rolling out, is designed to help mitigate the effects of adversarial activities in cyberspace.

The coronavirus is not stopping the U.S. Defense Department from proceeding with work on the Cybersecurity Maturity Model Certification (CMMC), and it shouldn’t slow down industry in doing the same. Although some of the public hearings that should have taken place by now have been delayed because of the pandemic, the CMMC team continues to train and get the word out about rules changes.

To truly ensure the principle of one person, one vote, the American electoral infrastructure should adopt security protocols similar to those used in the cybersecurity industry. Electoral management should be conducted using variations on the techniques employed for financial systems and national security data. Unfortunately, today’s U.S. voting mechanisms at all levels as well as national policy would not pass even the most rudimentary information assurance audit.

Ensuring the sanctity of defense information goes beyond keeping secrets from the enemy: it also brings to light vulnerabilities in the supply chain. One of the key tenets of the Cybersecurity Maturity Model Certification (CMMC) is to guarantee the sanctity of the supply chain in a time when data is particularly in peril.

A keynote fireside discussion group at AFCEA’s Virtual CMMC Symposium looked at the threats posed to the supply chain in light of the COVID-19 coronavirus pandemic. Bob Kolasky, director, National Risk Management Center, Cybersecurity and Infrastructure Security Agency, Department of Homeland Security, provided a powerful presentation in which he pulled no punches about the threat.

Adapting to great power competition requires improved acquisition operations, and the U.S. Defense Department's acquisition headquarters has been busy revamping contracting practices. The efforts are succeeding in reducing contracting burdens, timelines and workforce hours, and is bringing in more innovation into the DOD, its top leader reports.