Stacy Bostjanick, the director of the CMMC policy office in the Under Secretary of Defense for Acquisition and Sustainment, discussed how the U.S. Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) has become a global intrigue as other nations look to the United States as the government implements the new model.
“They are all watching to see if we fall on our face or not. If we roll this out and make it work, they have indicated they will adopt CMMC as well,” said Bostjanick.
Along with the government contractors impacted by the new requirements, civilian agencies and allies like Canada, Sweden, Italy, the United Kingdom and others are paying close attention to how the Pentagon begins to fix supply chain and other cybersecurity challenges through this new initiative.
DoD plans to finalize the CMMC training and assessment guides in March. Bostjanick said those documents will tell vendors what it takes to be certified at levels 1, 2 and 3. “These guides are where people can find answers and what artifacts are needed. It is where all the answers to all your questions will be if you go through the assessment guide,” she said. “It’s not our intent to fool anyone.”
She noted that the accreditation body will develop the training classes for third party assessors. In the June or July timeframe, the first set of vendors can begin going through the assessment process in preparation for the first 15 procurements to call out CMMC requirements.
“The accreditation body is working with us to develop training material to accredit third-party assessors. There will be a marketplace for them as they go through the two-week course and test for level 3 accreditor certifications,” Bostjanick said.
Katie Arrington, chief information security officer at the Office of the Assistant Secretary of Defense for Acquisition and a 2020 Wash100 Award recipient, will serve as a keynote speaker at the CMMC Forum 2020. She will address the CMMC’s timeline, how the certification process could change and will provide a memorandum of understanding with a newly established CMMC accrediting body.
A full expert panel will include Ty Schieber, senior director of executive education and CMMC-AB chairman of the University of Virginia and Richard Naylor of the Defense Counterintelligence and Security Agency (DCSA) among other members of the federal sector and industry.
Register here to join Potomac Officers Club for its CMMC Forum 2020 on April 2nd to learn about the impact DoD’s CMMC will have on cybersecurity practices, supply chain security and other aspects of the federal market.