Tuesday, April 22, 2025
Key Issues Overhauling the FAR Troops in South Korea Overland AI
The Defense Department's work to prepare the proposed rule for its Cybersecurity Maturity Model Certification program is nearing completion, according to a Pentagon spokesperson, with publication in the Federal Register expected as soon as next week.
The number of certified assessors for the Pentagon's Cybersecurity Maturity Model Certification program experienced triple-digit growth in 2023 from the prior year, as the formal launch of the Defense Department initiative comes closer to fruition.
The Pentagon's rulemaking to implement its Cybersecurity Maturity Model Certification program has completed the Office of Information and Regulatory Affairs review process, a major milestone that indicates the new regulation should show up in the Federal Register soon.
The Pentagon will use a methodology developed by the Defense Contract Management Agency's Defense Industrial Base Cyber Assessment Center for National Institute of Standards and Technology Special Publications 800-171 assessments moving forward, according to a final rule formalizing an arrangement that is seen as a placeholder for the upcoming rollout of the Cybersecurity Maturity Model Certification program.
Stakeholders are getting ready for the upcoming release of a long-awaited rulemaking to implement the Pentagon's Cybersecurity Maturity Model Certification program, while the exact timing and content of the rule remains unclear two years after the Defense Department announced a major revamp.
Industry groups representing the defense industrial base are highlighting inconsistencies across the federal government over regulations addressing the handling of controlled unclassified information and potential impacts from the Pentagon's Cybersecurity Maturity Model Certification program, in filings to the Office of the National Cyber Director.
Stakeholders from large defense prime contractors at an industry event last week emphasized the need for their suppliers to reach compliance with requirements under the Pentagon's Cybersecurity Maturity Model Certification program, while also highlighting how they are working together to provide resources.
The selection of a free "benefit" tool for consulting organizations who pay to be part of the accreditation body ecosystem for the Pentagon's Cybersecurity Maturity Model Certification program is raising concerns from two stakeholders on the decision-making process and potential conflicts of interest.
The White House Office of Management and Budget's Office of Information and Regulatory Affairs is meeting with stakeholders in the Pentagon's Cybersecurity Maturity Model Certification program, as the interagency process gets underway to review a proposed rule that will implement major changes to the Defense Department initiative.
The Pentagon Office of Small Business Programs will launch a pilot with 25 to 50 companies to explore how to help smaller organizations comply with National Institute of Standards and Technology Special Publication 800-171 using a cloud environment provided by the Defense Department, according to Cybersecurity Maturity Model Certification leader Stacy Bostjanick.
The Canadian government is launching a cyber certification program for contractors who want to do business with the country's Department of National Defence that will be aligned with the Pentagon's Cybersecurity Maturity Model Certification program.
The National Institute of Standards and Technology will reduce the number of "organizational-defined parameters" in the next draft update to its foundational guide on the handling of controlled unclassified information on nonfederal systems, in response to stakeholder feedback.
The Pentagon has outlined its expectations for the Cybersecurity Maturity Model Certification assessment process in a recent filing to the White House Office of Management and Budget's Office of Information and Regulatory Affairs that provides details on estimated costs for compliance for small business entities and other companies in the defense industrial base.
The Defense Department is providing a long-awaited preview into its plans for level three of the Cybersecurity Maturity Model Certification program, in a draft update to an overview publication that describes "security requirements" as defined by the National Institute of Standards and Technology.
The use of "organization-defined parameters" in the National Institute of Standards and Technology's proposed update to its foundational controlled unclassified information publication could lead to a decline in the number of contractors in the defense industrial base, according to the leading info-sharing group for the defense sector.
Matthew Travis, CEO of the accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program, praised the Defense Department's efforts to get the first CMMC rulemaking moved into the interagency process for review at a Tuesday "town hall" meeting.
The Pentagon's Cybersecurity Maturity Model Certification program is entering a new stage with the submission of the rulemaking to implement the program now under review at the White House Office of Management and Budget's information and regulatory affairs office.
The program office behind the Pentagon's cyber certification program and civilian agencies are identifying issues over the use of "organization-defined parameters" in the latest draft update to NIST Special Publication 800-171, a foundational document on the handling of controlled unclassified information.
Senate Homeland Security Committee Chairman Gary Peters (D-MI) and Sen. James Lankford (R-OK) have offered a package of cyber bills for inclusion in the fiscal year 2024 defense authorization bill, including legislation to reform the Federal Information Security Modernization Act and address other cyber priorities, as work continues this week to pass the Senate's version of the major defense policy bill.
The Professional Services Council wants the National Institute of Standards and Technology to consider how to align NIST's foundational guidance on handling controlled unclassified information with other cyber procurement requirements, including the Pentagon's cyber certification program.