Pentagon’s Contractor Cybersecurity Program Approaches Testing Phase

If all goes according to plan, by the end of next week there will be 73 individuals ready to conduct initial assessments of Defense Department contractors for the Pentagon’s Cybersecurity Maturity Model Certification program.

The Defense Department currently takes contractors at their word on whether appropriate measures are in place to safeguard information in their possession that isn’t at the classified level, but is nonetheless sensitive and valuable. The CMMC aims to address what officials describe as an epidemic of intellectual property theft from within the defense industrial base by requiring that all contractors have their cybersecurity practices certified by a third party. A rule to implement the CMMC is expected in the fall.   

In June, DOD officially entered into a memorandum of understanding with a group of professionals in relevant fields who volunteered to manage the certification process—the CMMC Accreditation Body, or CMMC AB. The group has established itself as a non-stock corporation in Maryland—awaiting a tax-exemption determination by the Internal Revenue Service under Section 501(c)(3), according to its website—with a board of directors chairing various committees to get the program off the ground. 

“The instructor-led training is starting on Monday,” CMMC AB communications chairman Mark Berman told Nextgov. “Many of the provisional assessor candidates are deep into the online training already and providing us with exactly the type of detailed feedback that we have been seeking to make the system better for everyone who will follow.”

Much more than average trainees, this initial class of assessors will help to hone an assessment standard under development by the CMMC AB. Qualified assessors will use the standard to determine whether companies meet the requirements detailed in the CMMC model, which will be maintained by the DOD, according to the MOU.

The CMMC AB selected the group of 73 individuals from over 500 applicants mostly at random, according to a press release[1] issued Tuesday. After four days of the in-person training starting Aug. 31—during which they will contribute more feedback to shape the assessment standard—the group will be provisionally qualified to conduct a set of dummy assessments, and further test the program for potential pitfalls.

During an Aug. 13 event[2] with the Professional Services Council, Undersecretary of Defense for Acquisition and Sustainment Ellen Lord said acquisition tabletop exercises were part of mock assessments the department has already conducted on an existing contract. Another of these pathfinder projects is planned for September. The pathfinder assessments are non-punitive, Lord said, noting that the office of the chief information security officer for acquisition is also looking for other contracts on which to conduct CMMC pilots, which will not result in certifications, but serve to further de-risk the program.

The provisional assessors will play a crucial role in shaping the assessment standard on which the whole program rests.

“Right now, we’re coming out with the assessment standard, and that is the answers to the test,” Regan Edens, the CMMC AB’s chair for standards management, said at the end of May[3]. “At the end of the day, the assessors will train on that standard in order to be able to understand what is the standard, how do you apply the standard, what is the criteria for conformity and what’s the guidance that they need to give the organizations when they haven’t met the standard and what the path forward is to meet the requirement.”

But control of the standard could be in question. A statement of work included in a no-cost contract Lord says the DOD is working to finalize with the CMMC AB could reportedly change[4] who is responsible for maintaining the standard. 

Berman declined to comment on what he said were ongoing discussions with the government. 

References

  1. a press release (www.cmmcab.org)
  2. Aug. 13 event (www.defense.gov)
  3. said at the end of May (www.cmmcab.org)
  4. reportedly change (www.fedscoop.com)
