The Department of Defense (DoD) has noted that it views its model of cybersecurity requirements for contractors as being in a “constant state of evolution” over the next few years, so what can contractors do to keep up with the current changes?
In late January, the Department of Defense released the final version of the Cybersecurity Maturity Model Certification (CMMC v. 1.0), outlining how contractors’ security regulations will shift with the new supplier cybersecurity compliance program.
As contractors have to adjust to the changing guidelines, it is crucial that they stay informed on the differences between the two programs. One of the most important changes to the model is that CMMC requires defense suppliers to be certified by CMMC assessors.
Katie Arrington, chief information security officer for the Office of the Under Secretary of Defense for Acquisition and a 2020 Wash100 Award winner, stated that the DoD will continually evaluate defense contractors’ certifications to profit from the return on investment.
“If it becomes a checklist, we have all failed,” said Arrington. “It needs to become critical thinking about security and understanding that the threat today will not be the same threat that’s here a year or two years from now. And that we have to be constantly looking at how do we tweak? How do we bob? How do we weave?”
Arrington added that the DoD will continue to work with staff to develop the audit training. One of the challenges in creating the training guidelines is ensuring that they are simple and easy to understand. She stated that the agency has projected CMMC to be adopted internationally in 2020 and 2021.
With the federal government facing constantly evolving attacks on its supply chain, Arrington said that CMMC needs to be able to adjust to new challenges.
Katie Arrington, chief information security officer at the Office of the Assistant Secretary of Defense for Acquisition and a 2020 Wash100 Award recipient, will serve as a keynote speaker at the CMMC Forum 2020. She will address the CMMC’s timeline and how the certification process could change, and will provide a memorandum of understanding with a newly established CMMC accrediting body.
A full expert panel will include Ty Schieber, senior director of executive education at the University of Virginia and CMMC-AB chairman, and Richard Naylor of the Defense Counterintelligence and Security Agency (DCSA), among other members of the federal sector and industry.
Register here to join Potomac Officers Club for its CMMC Forum 2020 on April 2nd to learn about the impact DoD’s CMMC will have on cybersecurity practices, supply chain security and other aspects of the federal market.