Monday, October 2, 2023
Key Issues SAR on SM-6 SAR on MPF SAR on F-15EX
Plans to separate the CMMC Accreditation Body's authorities to certify and train assessors is a positive sign, according to a leading defense industry association, but the trade group says they will keep a close watch on the rollout of the reorganization.
The independent accreditation body behind the Pentagon's cyber certification program will be required to separate its assessor and training programs into business units, one of the many conditions in a no-cost contract signed by the Defense Department and the new non-profit reviewed by Inside Cybersecurity.
The Defense Department is working on adjudicating comments from an interim final rule that established the Pentagon's Cybersecurity Maturity Model Certification program, which officials said Wednesday could change based on ongoing work on maturity levels four and five.
The Defense Department is planning to issue a memo outlining how the maturity levels of its new cyber certification program align with FedRAMP and other standards used by industry.
The Defense Department has announced the first round of pilot contracts that will include requirements under the Cybersecurity Maturity Model Certification program for the current fiscal year.
The Defense Department is delaying defining the "scope" of its Cybersecurity Maturity Model Certification assessments for maturity levels one and three in the first editions of its assessment guides, which assessors say will impact the ability to conduct a comprehensive audit.
The Defense Department has released two assessment guides outlining how auditing firms and their assessors will evaluate contractors who want to get certified for Cybersecurity Maturity Model Certification maturity levels one through three.
The Pentagon's approach to making cybersecurity a foundational part of acquisition is mandating new compliance requirements for the defense industrial base, which could potentially create a division between primes and subcontractors when it comes to information sharing.
Industry groups across a range of sectors are asking the Defense Department to provide more details on how its new cyber certification program will affect government contractors.
An agency tasked with providing information technology services and support across the Defense Department is working on a "scoring rubric" to help its acquisition officials make decisions internally on contracting requirements related to the Pentagon's new cyber certification program.
The accreditation body behind the Pentagon's cyber certification program is requiring assessors and consultants to sign a "Code of Professional Conduct," which details confidentiality protections and the "proper use" of information collected from contractors.
The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program has launched a new section of its website dedicated to providing contact information for certified practitioners and consultant companies.
The Defense Department is planning to release its assessment guide for the Cybersecurity Maturity Model Certification program next week, outlining the details for how companies will be evaluated for maturity levels one through three.
Lockheed Martin is working with its suppliers to get details on their efforts to reach compliance with current and upcoming cybersecurity regulations from the Pentagon.
Two leaders from National Institute of Standards and Technology-funded centers focused on the manufacturing sector are expressing concerns on whether small businesses will be prepared for implementation of the Pentagon's cyber certification program on Dec. 1.
The Defense Contract Management Agency will give contractors the opportunity to make updates on their compliance with NIST Special Publication 800-171 in the Pentagon's Supplier Performance Risk System, according to agency leader John Ellis.
Cloud service providers Microsoft and Amazon are working on solutions to help contractors reach compliance with the Defense Department's Cybersecurity Maturity Model Certification program through a shared responsibility model.
The Pentagon will require government contractors to submit a self-assessment of their compliance with the 110 controls in National Institute of Standards and Technology Special Publication 800-171 starting Nov. 30, establishing a new cyber regime for contractors under the Defense Department that will have a wide-ranging impact on the DOD supply chain.
The Defense Department is working with the Cybersecurity Maturity Model Certification Accreditation Body to develop a process for companies to dispute their cyber assessment results and get an objective ruling from the Pentagon's lead contracts agency.
The Defense Department has set a deadline for the accreditation body behind the Pentagon's cyber certification program to establish a contractual relationship with DOD by the end of this month.