Posted by Stephen Palamara, TCC Director of Business Development
This is a follow-up to my earlier blog post, which discussed the Department of Defense's recent announcement that it will soon unveil a new cybersecurity standard and certification for defense contractors, called the “Cybersecurity Maturity Model Certification” (CMMC).
At the 2019 Federal Acquisition Conference Presented by PSC on June 13, 2019, Katie Arrington, Special Assistant to the Assistant Secretary of Defense for Acquisition for Cyber, Office of the Under Secretary of Acquisition and Sustainment, gave a presentation titled “Securing the Supply Chain”. The full PowerPoint presentation can be viewed here: https://insidedefense.com/document/dod-briefing-slides-securing-supply-chain
In her presentation, Ms. Arrington provided a preview of the Notional CMMC Model Components, as depicted below.
The model incorporates security practices across 14 Control Families and provides a notional 1-5 scale for rating contractors on the institutionalization of security processes.
In a subsequent slide, Ms. Arrington provides some preliminary feedback from stakeholders on the proposed CMMC. Most important to small businesses as well as larger contractors is the need for the system to be inexpensive, to have multiple levels that are easily graduated, and to offer a low barrier to entry for all contractors.
There will be twelve collaborative Industry Days/Listening Sessions in locations across the country in July and August 2019 to provide a venue for stakeholders to obtain information and voice concerns.
TCC will continue to watch this story closely to gauge the impact it may have on the NIST 800-171 and NIST 800-53 Gap and Remediation Services provided by our Security Services practice. It is anticipated that September 2020 will be the target rollout date for the CMMC 1-5 requirement to appear on RFPs.
To find out more about TCC’s Security Services, please visit our website: https://www.e-tcc.com/security-services.