October 30, 2019
The Cybersecurity Maturity Model Certification, or CMMC, is the next stage in the Department of Defense's (DoD) efforts to properly secure the Defense Industrial Base (DIB). In the simplest of terms, the DoD announced that it is creating a cybersecurity assessment model and certification program. Unlike in prior years, contracting authorities will no longer accept a System Security Plan (SSP) and Plan of Action and Milestones (POA&M) alone as compliance with DFARS 252.204-7012. Contractors will be evaluated based upon the implementation of actual technical controls in addition to their documentation and policies. These evaluations will lead to a certification level of 1 to 5, with 5 being the most secure. The higher your company certifies, the more contracts you will be eligible to bid on.
According to the Office of the Under Secretary of Defense, the CMMC cyber level requirement will flow down to all subcontractors. The Office also states that all future RFPs will require a CMMC level regardless of whether Controlled Unclassified Information (CUI) is handled.
The Cybersecurity Maturity Model Certification (CMMC) will be a new requirement for existing DoD contractors, replacing the self-attestation model and moving towards third-party certification.
The certification will be built on existing requirements such as NIST SP 800-171, NIST SP 800-53, AIA NAS9933, private sector contributions, and input from academia. This new certification is intended to ensure that any existing problems within the Defense Industrial Base are covered and secured.
DFARS compliance can seem complicated and confusing to those new to specifying wire guard and other precision wire components for Department of Defense projects. Trying to find a wire guard manufacturer you can trust with your DFARS-compliant project can be equally daunting. DFARS stands for "Defense Federal Acquisition Regulations Supplement," which is the military's version of the Federal Acquisition Regulations.
The Federal Risk and Authorization Program (FedRAMP) is the current administration's attempt to set cloud computing security standards for cloud service providers. The primary goal of FedRAMP is to streamline the authorization process for government agencies to work with public and private cloud hosting companies. This is coming on the heels of certain provisions in the 2012 National Defense Authorization Act that require the Department of Defense to migrate data to private-sector cloud solutions. This is mainly due to assessments confirming that the private sector is more capable of providing equal or greater security at a fraction of the cost.
FedRAMP requirements are a significant concern, as every state and federal agency will use FedRAMP as a building point and can, if they so choose, implement a host of additional security requirements.
About CMMC Marketplace:
CMMC Marketplace connects government contractors that are looking to achieve Cybersecurity Maturity Model Certification (CMMC) compliance with qualified CMMC service providers.
For more information about CMMC Marketplace, visit our website: https://www.cmmcmarketplace.com