Cybersecurity Maturity Model Certification (CMMC) 2.0 is here. If your company is not prepared, the time to get ready is now, or your company may risk losing business with the Department of Defense (DoD).
The CMMC program requires cyber protection standards for companies in the Defense Industrial Base (DIB) and aims to protect sensitive unclassified information that the DoD shares with contractors and subcontractors.
In a Department of Defense (DoD) Town Hall held on February 10, led by David McKeown, DoD’s Senior Information Security Officer and Deputy CISO, we heard some news about CMMC. Defense contractors holding Controlled Unclassified Information (CUI) will need a third-party assessment to obtain certification.
DoD has recently incorporated CMMC requirements into the Defense Federal Acquisition Regulation Supplement (DFARS Case 2019–D041, available here https://bit.ly/30LXAeE). The rule change is currently open for public comment, and I urge all interested parties to read it and provide input.
In previous years you would have ventured to our nation’s Capital to take part in the AWS Public Sector Summit. This year’s event – as you could imagine – was a virtual experience. Although I and my fellow DLT colleagues wished we could have been there in person, we really enjoyed our time at this year’s Summit. Much like what has been the theme of 2020, AWS had to adapt and innovate to these unprecedented times. They certainly rose to the occasion and put together a unique and valuable experience for their attendees.
2019 has ended with more uncertainty than normal—even than the federal government is used to. Last year at this time, of course, Christmas brought the advent of a record-long lapse in appropriations for about half the departments and agencies. The exceptions of Homeland Security, Defense and Veterans Affairs kept IT dollars flowing, but the partial shutdown left its mark nonetheless.
The ugly impeachment process working its way down the hall from the house to the Senate might be a psychic distraction but will have no effect on IT procurement.