Pentagon announces first pilots for its cyber certification program

By Sara Friedman / December 15, 2020 at 7:07 PM

The Defense Department has announced the first round of pilot contracts that will include requirements under the Cybersecurity Maturity Model Certification program for the current fiscal year.

"For approved pilots, all offerors will undergo the appropriate CMMC assessment, and awardee must achieve the required CMMC level at time of contract award, and flow down the appropriate CMMC requirement to subcontractors," the Pentagon said today in a news release. "This allows for additional time to meet the CMMC certification requirement."

The "Chief Information Security Officer (CISO) team for Acquisition and Sustainment' is reviewing "pilot nominations from the military services and defense agencies" for:

* U.S. Navy

-- Integrated Common Processor

-- F/A-18E/F Full Mod of the SBAR and Shut off Valve

-- DDG-51 Lead Yard Services / Follow Yard Services

* U.S. Air Force

-- Mobility Air Force Tactical Data Links

-- Consolidated Broadband Global Area Network Follow-On

-- Azure Cloud Solution

* Missile Defense Agency

-- Technical Advisory and Assistance Contract

An interim rule implementing the Pentagon's CMMC program went into effect on Nov. 30. The CISO team is "currently reviewing and adjudicating the comments," according to DOD.

The Defense Department has estimated 1,500 companies in the defense industrial base will need to get certified under CMMC during fiscal 2021 to compete for the pilot contracts.

"During the first year of the rollout, the Department will require no more than 15 new Prime acquisitions to meet CMMC requirements as part of a CMMC pilot program," the Defense Department says on its CMMC website. "These contracts will focus on mid-sized programs that require the contractor to process or store CUI (CMMC Level 3). Primes will be required to flow down the appropriate CMMC requirement to their subcontractors."

CMMC will expand to 75 contracts in fiscal 2022 and scale up to 475 contracts in fiscal 2025.

The Defense Department said on Tuesday: "The CISO team continues to work with the Army and other defense agencies to identify and approve additional candidate CMMC pilots, to ensure they fit within the criteria, and will provide updates in the weeks to come."