CMMC

September 14, 2021
By Robert K. Ackerman
Ellen Lord (l), former undersecretary of defense for acquisition and sustainment, discusses the vulnerability of the supply chain with Christine Michienzi, chief technology officer for the Office of the Deputy Assistant Secretary of Defense for Industrial Policy, at the Intelligence and National Security Summit. Photo by Herman Farrer

The intelligence supply chain needs prompt attention, but any solutions do not necessarily require moving all production back to the United States. The country can rely on some critical sources overseas, but it cannot expect just any vital component to be available any time it is needed.

June 2, 2021
By Chris Souza
Cybersecurity grows more complex with the Cybersecurity Maturity Model Certification. Effective compliance begins with effective leadership. Credit: fizkes/Shutterstock

There’s little doubt that thanks to the influx of new government regulations around privacy and data security, requirements have become the primary area of focus for many defense industrial base and General Services Administration contractors.

June 1, 2021
By Mark Spangler
Cyber program managers must review their plans to respond to today’s evolving threat environment. Shutterstock

Cybersecurity program managers are facing the dilemma of appropriately balancing compliance with threat tracking and mitigation. Today, amidst the ever-growing problem of data breaches, organizations are investing in protection. But simply complying with security and privacy standards seldom means systems and data are automatically secure.

April 6, 2021
Posted by: George I. Seffers
A newly formed industry advisory council will allow small and large businesses to provide feedback on the CMMC. Credit: Gorodenkoff/Shutterstock

The Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB), the sole authoritative source for operationalizing CMMC assessments and training by the U.S. Defense Department, has announced the formation of a cybersecurity Industry Advisory Council (IAC).

The CMMC-AB IAC’s mission is to serve as a unified voice for organizations seeking certification, providing the Defense Department and the accreditation board with feedback, input and recommendations for implementing the CMMC.

March 22, 2021
By Robert K. Ackerman
Advanced hacks such as the recent SolarWinds event are pushing the limits of CMMC standards. Credit: ozrimoz/Shutterstock

Recent actions by cybermarauders have illustrated the importance of the Cybersecurity Maturity Model Certification (CMMC) thrust by the Defense Department, and new assessment guides can help lay the groundwork for companies to meet CMMC requirements, according to government officials. These and other key points were presented at the AFCEA CMMC Lunch and Learn session held on March 19. The last of a series of CMMC lunch presentations, this session focused on requirements for the National Institute of Standards and Technology (NIST). But government experts addressed several other key issues related to CMMC implementation.

February 11, 2021
By Robert K. Ackerman
Stacy Bostjanick (r), director of CMMC, Office of the Under Secretary of Defense (A&S), warns of CMMC certification companies that are not themselves certified in a discussion at AFCEA NOVA Intelligence Community IT Day.

Companies preparing for Cybersecurity Maturity Model Certification (CMMC) should beware of firms that are promising to get them certified, said a government official. Stacy Bostjanick, director of CMMC, Office of the Under Secretary of Defense (A&S), stated that any firms claiming to be able to do that are not capable of that function yet.

January 14, 2021
By Julianne Simpson
The future enterprise will be edge-centric, cloud enabled and data driven, says Bill Burnham, CTO, U.S. Public Sector Business Unit, Hewlett Packard Enterprise.

The future enterprise will be edge-centric, cloud enabled and data driven, said Bill Burnham, CTO, U.S. Public Sector Business Unit, Hewlett Packard Enterprise.

He shared his ideas during an AFCEA online event titled “The Edge Is Where the Action Is!”

December 1, 2020
By Robert K. Ackerman
Credit: Shutterstock/Niyazz

The Defense Department’s new cybersecurity maturity model certification (CMMC) coincidentally took effect on the first day of TechNet Cyber, AFCEA’s virtual event being held December 1-3. Leading officials with the Defense Department, the Defense Information Systems Agency (DISA) and industry discussed what its implementation will mean to the defense industrial base (DIB) and the community as a whole.

November 17, 2020
By Robert K. Ackerman
Credit: Shutterstock/VideoFlow

Adversaries are stepping up their efforts to exfiltrate information and weaken the U.S. supply chain through cyberspace. These efforts aim to both wreck the country from within and strengthen the hand of the adversary wielding the digital sword, according to a U.S. government official.

New government security measures are designed with these challenges in mind, and they can help secure targeted small businesses. The Cybersecurity Maturity Model Certification (CMMC), which is rolling out, is designed to help mitigate the effects of adversarial activities in cyberspace.

May 15, 2020
By Rear Adm. Michael Brown, USN (Ret.)
End-to-end encryption will help the defense industrial base meet the requirements of the Cybersecurity Maturity Model Certification program, according to Rear Adm. Michael Brown, USN (Ret.). Credit: Jan Alexander/Pixabay

The Department of Defense (DOD) is dramatically increasing its digital security expectations for defense contractors and subcontractors. Having been on both sides of the partnership between government and the public sector, I am happy to see DOD is not only raising the bar on cybersecurity but also providing guidance on the implementation of cybersecurity best practices within the defense industrial base.

May 11, 2020
By Maryann Lawlor
Katie Arrington (r), chief information security officer, office of the undersecretary of defense for acquisition, U.S. Defense Department, and other Pentagon acquisition officials brief reporters on cybersecurity standards for government. Photo by Petty Officer 2nd Class James K. Lee, USN

The coronavirus is not stopping the U.S. Defense Department from proceeding with work on the Cybersecurity Maturity Model Certification (CMMC), and it shouldn’t slow down industry in doing the same. Although some of the public hearings that should have taken place by now have been delayed because of the pandemic, the CMMC team continues to train and get the word out about rules changes.

April 23, 2019
By Robert K. Ackerman
Ty Schieber, chair, CMMC Accreditation Body, promises to post "a tremendous amount of information" on his office's website over the next couple of days, while speaking at the AFCEA Virtual CMMC Symposium.

The success of the new Cybersecurity Maturity Model Certification (CMMC) will hinge largely on diverse types of contractors sharing information and following security standards, said a panel of experts exploring CMMC ramifications. Speaking at AFCEA’s Virtual CMMC Symposium, the government officials emphasized that the CMMC will be both an opportunity and an obligation to the defense community.

May 1, 2020
By Travis Johnson
Citizens must be confident that their votes are counted as they are cast. Following the example of the NIST SP 800-53 Revision 4 Control Families list would be one way to ensure the information technology piece of voting machines is protected from threats and vulnerabilities. Credit: Shutterstock/Burlingham

To truly ensure the principle of one person, one vote, the American electoral infrastructure should adopt security protocols similar to those used in the cybersecurity industry. Electoral management should be conducted using variations on the techniques employed for financial systems and national security data. Unfortunately, today’s U.S. voting mechanisms at all levels as well as national policy would not pass even the most rudimentary information assurance audit.

April 23, 2019
By Robert K. Ackerman
Panelists participate in a remote panel discussion hosted by AFCEA’s Virtual CMMC Symposium.

Companies should not be intimidated by the multitiered Cybersecurity Maturity Model Certification (CMMC), says a panel of experts. The new system is geared for companies to approach it methodically as they learn more about its implementation and requirements.

In a remote session hosted by AFCEA’s Virtual CMMC Symposium, the panelists encouraged companies to proceed through its steps and seek advice from others, particularly prime contractors. Janey Nodeen, president, Burke Consortium Inc., said, “There is a path to success. It’s not as hard as you think, and at the end of the day it’s very, very valuable to your company.

“It is very much a crawl-walk-run approach, and don’t overthink it,” she added.

April 23, 2019
By Robert K. Ackerman
Credit: Shutterstock/Anatolii Stoiko

Ensuring the sanctity of defense information goes beyond keeping secrets from the enemy: it also brings to light vulnerabilities in the supply chain. One of the key tenets of the Cybersecurity Maturity Model Certification (CMMC) is to guarantee the sanctity of the supply chain in a time when data is particularly in peril.

A keynote fireside discussion group at AFCEA’s Virtual CMMC Symposium looked at the threats posed to the supply chain in light of the COVID-19 coronavirus pandemic. Bob Kolasky, director, National Risk Management Center, Cybersecurity and Infrastructure Security Agency, Department of Homeland Security, provided a powerful presentation in which he pulled no punches about the threat.

April 23, 2019
By Robert K. Ackerman

“The time is now” for companies to begin implementation of Cybersecurity Maturity Model Certification (CMMC) measures, said the chief information security officer for defense acquisition. Katie Arrington, speaking at AFCEA’s Virtual CMMC Symposium, told participants that many CMMC tenets constitute good practices that can—and should—be implemented even before the CMMC is formalized.

“Let’s not wait until it’s required; let’s do it now,” Arrington said. “The time is now.” She added that the country loses $600 billion a year to adversaries, and practicing basic cyber hygiene methods that will be part of CMMC level 1 standards will help companies immensely.

March 3, 2020
By Kimberly Underwood
Undersecretary of Defense for Acquisition and Sustainment Ellen M. Lord, who spoke to WEST attendees via video link, meets key staff members of the Combined Joint Task Force–Operation Inherent Resolve in Iraq. U.S. Army photo by Staff Sgt. Desmond Cassell

Adapting to great power competition requires improved acquisition operations, and the U.S. Defense Department's acquisition headquarters has been busy revamping contracting practices. The efforts are succeeding in reducing contracting burdens, timelines and workforce hours, and are bringing more innovation into the DOD, its top leader reports.

March 1, 2020
By George I. Seffers
The littoral combat ships USS Independence, back, and USS Coronado travel together in the Pacific Ocean. One of the Defense Department’s primary cybersecurity concerns is that adversaries can hack into industry networks and steal secrets about developing weapon systems. U.S. Navy photo by Chief Mass Communication Specialist Keith DeVinney/Released

With the U.S. Defense Department’s new cybersecurity verification requirements set to go into effect later this year, the Pentagon gets high marks from cybersecurity professionals for finally addressing the lack of contractor security, but experts also express doubts about the aggressive schedule and the potential for unintended consequences.

February 27, 2020
By Robert K. Ackerman
Credit: Shutterstock/Funtap

The phased approach to rolling out the Defense Department’s cybersecurity maturity model certification (CMMC) is accelerating with the department’s issuance of training guides late next month, said a department official. Stacy S. Bostjanick, director of CMMC policy, Office of the Undersecretary of Defense for Acquisition and Sustainment, recently described how that and other steps are part of the foundation for the five-year effort.

Speaking at an AFCEA NOVA Chapter luncheon, Bostjanick described how the CMMC will begin rolling out 15 practices in 2020-21, followed by 75 in 2022, 250 in 2023, 479 in 2024 and another 479 in 2025. The progressive program will increase complexity with higher levels of certification.