Sunday, May 28, 2023
Key Issues Taiwan weapons delay FTUAS contracts SFRC RFP delay
The General Services Administration has released a final request for proposals for small businesses that want to provide IT services to agencies that could have lasting repercussions for contractors wanting to do business with the Defense Department and civilian agencies, according to a leading contract lawyer.
The National Institute of Standards and Technology has released a new draft to guide the Defense Department on how to define controlled unclassified information requirements for industry, in line with the maturity levels of the Pentagon's cyber certification program.
The Cyberspace Solarium Commission is advocating for getting up to 20 recommendations from the group's report included in this year's defense policy bill, according to commission Executive Director Mark Montgomery, who says the creation of a national cyber director and a Joint Cyber Planning Cell within the Cybersecurity and Infrastructure Security Agency are among the top priorities.
The Army is looking for industry solutions that are able to meet requirements of the Cybersecurity Maturity Model Certification program in a solicitation for its Assault Breacher Vehicle Remote Control System program, months ahead of when the first Defense Department contract solicitations with CMMC language will be released.
More work is needed to define the policies and procedures behind the Pentagon's Cybersecurity Maturity Model Certification program that go beyond a memorandum of understanding with its accreditation body, according to a leading tech industry association.
Roles and responsibilities of the Defense Department and the accreditation body for its Cybersecurity Maturity Model Certification program are detailed in a memorandum of understanding released this week, which spells out how government will work with industry to conduct cyber verification assessments for the defense industrial base.
The Defense Department provided new details this week on the memorandum of understanding with an independent accreditation authority that will certify companies under the Cybersecurity Maturity Model Certification program.
The independent accreditation body for the Pentagon's Cybersecurity Maturity Model Certification program is collecting information from potential vendors who are able to provide a platform for assessors to take their exams for certification.
The Cybersecurity Maturity Model Certification Accreditation Body is developing standards for assessment that are adaptive to changes made to "source documents" coming from the Defense Department, according to CMMC AB board member Regan Edens.
The accreditation group for the Pentagon's Cybersecurity Maturity Model Certification program says details released on its provisional program for auditors and assessors were published "inadvertently" on its website, and crafting the requirements and application details for the program is still in process.
The independent accreditation body developing standards for auditors and assessors under the Defense Department's Cybersecurity Maturity Model Certification program has circulated information on how the provisional program will work, including fees and an initial structure for the selection process for third-party assessors.
The Pentagon is moving aggressively under its cybersecurity certification program to create a framework and structure for contractors, vendors, and suppliers to get up to speed on what they will need to do to get certified, according to a top Defense Department official, but the process of changing acquisition rules to make the program effective could be delayed.
Auditors under the Cybersecurity Maturity Model Certification will be prohibited from consulting with companies they are certifying in an effort to create "checks and balances," according to DOD acquisition Chief Information Security Officer Katie Arrington.
The Defense Department is surging ahead with efforts to get third-party assessor organizations certified for work under the Cybersecurity Maturity Model Certification program, but the process of setting up a structure for companies to be assessed and approved has many unanswered questions, according to two large defense industry groups.
The Senate Armed Services Committee's move to paper hearings has slowed efforts to fold Cyberspace Solarium Commission recommendations into the fiscal year 2021 defense authorization bill, as the Senate panel's leaders want to hear directly from members of the high-profile advisory panel in person, according to a committee staffer.
The Defense Department is setting an aggressive schedule to get up to 1,500 contractors certified under the Cybersecurity Maturity Model Certification program by the end of this year, but the timing could shift on expected deliverables amid the response to the COVID-19 health crisis, according to public statements and remarks by sources.