CMMC Symposium 2020

May 11, 2020
By Maryann Lawlor
Katie Arrington (r), chief information security officer, office of the undersecretary of defense for acquisition, U.S. Defense Department, and other Pentagon acquisition officials brief reporters on cybersecurity standards for government. Photo by Petty Officer 2nd Class James K. Lee, USN

The coronavirus is not stopping the U.S. Defense Department from proceeding with work on the Cybersecurity Maturity Model Certification (CMMC), and it shouldn’t slow down industry in doing the same. Although some of the public hearings that should have taken place by now have been delayed because of the pandemic, the CMMC team continues to train and get the word out about rules changes.

April 23, 2019
By Robert K. Ackerman
Ty Schieber, chair, CMMC Accreditation Body, promises to post "a tremendous amount of information" on his office's website over the next couple of days, while speaking at the AFCEA Virtual CCMC Symposium.

The success of the new Cybersecurity Maturity Model Certification (CMMC) will hinge largely on diverse types of contractors sharing information and following security standards, said a panel of experts exploring CMMC ramifications. Speaking at AFCEA’s Virtual CMMC Symposium, the government officials emphasized that the CMMC will be both an opportunity and an obligation to the defense community

April 23, 2019
By Robert K. Ackerman
Panelists participate in a remote panel discussion hosted by AFCEA’s Virtual CMMC Symposium.

Companies should not be intimidated by the multitiered Cybersecurity Maturity Model Certification (CMMC), says a panel of experts. The new system is geared for companies to approach it methodically as they learn more about its implementation and requirements.

In a remote session hosted by AFCEA’s Virtual CMMC Symposium, the panelists encouraged companies to proceed through its steps and seek advice from others, particularly prime contractors. Janey Nodeen, president, Burke Consortium Inc., said, “There is a path to success. It’s not as hard as you think, and at the end of the day it’s very, very valuable to your company.

“It is very much a crawl-walk-run approach, and don’t overthink it,” she added.

April 23, 2019
By Robert K. Ackerman
Credit: Shutterstock/Anatolii Stoiko

Ensuring the sanctity of defense information goes beyond keeping secrets from the enemy: it also brings to light vulnerabilities in the supply chain. One of the key tenets of the Cybersecurity Maturity Model Certification (CMMC) is to guarantee the sanctity of the supply chain in a time when data is particularly in peril.

A keynote fireside discussion group at AFCEA’s Virtual CMMC Symposium looked at the threats posed to the supply chain in light of the COVID-19 coronavirus pandemic. Bob Kolasky, director, National Risk Management Center, Cybersecurity and Infrastructure Security Agency, Department of Homeland Security, provided a powerful presentation in which he pulled no punches about the threat.

April 23, 2019
By Robert K. Ackerman

“The time is now” for companies to begin implementation of Cybersecurity Maturity Model Certification (CMMC) measures, said the chief information security officer for defense acquisition. Katie Arrington, speaking at AFCEA’s Virtual CMMC Symposium, told participants that many CMMC tenets constitute good practices that can—and should—be implemented even before the CMMC is formalized.

“Let’s not wait until it’s required; let’s do it now,” Arrington said. “The time is now.” She added that the country loses $600 billion a year to adversaries, and practicing basic cyber hygiene methods that will be part of CMMC level 1 standards will help companies immensely.