By now, most government contractors are aware of the Department of Defense’s strong emphasis on cybersecurity and of the recent NIST SP 800-171 (DFARS 252.204-7012) compliance standards put into place. Up until this point, a System Security Plan (SSP) and Plan of Action and Milestones (POAM) were sufficient for compliance. It appears that things are about to change. Contractors will now be responsible for implementing specific controls in accordance with the new Cybersecurity Maturity Model Certification (CMMC). There will be multiple levels of the CMMC, ranging from 1 to 5, from basic to advanced.
In a recent webinar hosted by the Professional Services Council, some of the details of the CMMC were revealed. Special guest speaker Katie Arrington, Special Assistant to the Assistant Secretary of Defense for Acquisition for Cyber, Office of the Under Secretary of Acquisition and Sustainment, discussed the cybersecurity landscape and the considerations for contractors. The full webinar and a copy of the presentation slides are available from the PSC website.
Here are some important items to note from the presentation:
- CMMC will be a unified standard for cybersecurity
- The CMMC will encompass multiple maturity levels that range from “Basic Cybersecurity Hygiene” to “Advanced”. The intent is to identify the required CMMC level in RFP sections L and M and use it as a “go/no go decision.”
- Target availability January 2020
- Will incorporate existing control frameworks and infosec solutions
- Intent is for certified independent 3rd party organizations to conduct audits
- To be included in RFIs (June 2020) and new Solicitations (Late 2020)
JAMIS Software Corporation will continue to set the highest standard of security for its customers by staying in the loop with the Department of Defense, the Defense Contract Management Agency, the Professional Services Council Cybersecurity Policy Working Group, Third Party Assessment Organizations (3PAOs), and several other industry associations and partners. For more information about how JAMIS can help your organization meet industry security requirements, take a look at our website HERE.