The Department of Defense’s Cybersecurity Maturity Model Certification program is scheduled to take effect later this year. Morgan Dwyer, a fellow at the Center for Strategic and International Studies’ International Security Program, said DoD should launch a pilot program focused on a small set of highest-priority vendors, Signal Magazine reported Sunday.
“DOD can use that pilot program to simultaneously work through implementation issues and to improve cybersecurity in priority areas,” Dwyer said. “DOD can then leverage lessons learned from the pilot program to develop a more comprehensive implementation plan for CMMC. Addressing implementation issues in a pilot program will make CMMC’s rollout to the entire industrial base much smoother in the long run.”
She noted that the new cyber model involves costs associated with third-party assessments, compliance and the third-party verification body.
“I think it’s likely that DOD will be responsible for at least one component of those costs and that is why it’s so important to pilot CMMC first. A pilot program will allow DOD to gain a better understanding of CMMC’s costs and to use that knowledge to develop a cost-informed CMMC policy and implementation strategy,” added Dwyer, who is also deputy director for policy analysis at CSIS’ Defense-Industrial Initiatives Group.
Katie Arrington, chief information security officer at the Office of the Assistant Secretary of Defense for Acquisition and a 2020 Wash100 Award recipient, will serve as a keynote speaker at the CMMC Forum 2020. She will address the CMMC’s timeline and how the certification process could change, and will provide a memorandum of understanding with a newly established CMMC accrediting body.
A full expert panel will include Ty Schieber, senior director of executive education at the University of Virginia and CMMC-AB chairman, and Richard Naylor of the Defense Counterintelligence and Security Agency (DCSA), among other members of the federal sector and industry.
Register here to join Potomac Officers Club for its CMMC Forum 2020 on April 2nd to learn about the impact DoD’s CMMC will have on cybersecurity practices, supply chain security and other aspects of the federal market.