//

DoD Announced Designated “Protected Information” Under CMMC Regulations

2 mins read

In January, the U.S. Department of Defense released Version 1.0 of its Cybersecurity Maturity Model Certification framework. By 2026, DoD plans to require CMMC certification for all defense contracts. Contractors in the defense industry supply chain will be required to develop, assess, and augment cybersecurity practices.

DoD has introduced the CMMC as a verification mechanism to seek to ensure that its defense industrial base partners implement what DoD considers to be appropriate practices. Under “protected information,” DoD classified Federal Contract Information and Controlled Unclassified Information. FCI is information provided by or generated for the government under contract not intended for public release.

CUI is information that requires protection or dissemination controls pursuant to and consistent with laws, regulations, and government-wide policies, excluding information that is classified under Executive Order 13526, Classified National Security Information (December 29, 2009), or the Atomic Energy Act of 1954.

With the new regulations, contractors that work with both or either FCI and CUI classified data will not be able to receive awards without CMMC accreditation. DoD has projected integration to begin in spring 2020. 

Katie Arrington, chief information security officer at the Office of the Assistant Secretary of Defense for Acquisition and a 2020 Wash100 Award recipient, will serve as a keynote speaker at the CMMC Forum 2020. She will address the CMMC’s timeline, how the certification process could change and will provide a memorandum of understanding with a newly established CMMC accrediting body.

A full expert panel will include Ty Schieber, senior director of executive education and CMMC-AB chairman of the University of Virginia and Richard Naylor of the Defense Counterintelligence and Security Agency among other members of the federal sector and industry.

Register here to join Potomac Officers Club for its CMMC Forum 2020 on April 2 to learn about the impact DoD’s CMMC will have on cybersecurity practices, supply chain security and other aspects of the federal market.