Hon. Ellen Lord, the defense acquisition head and a 2020 Wash100 Award winner, said the Department of Defense (DoD) is working with other DoD offices to establish the Cybersecurity Maturity Model Certification (CMMC) architecture, DoD News reported Thursday.
Lord, who serves as the defense undersecretary for acquisition and sustainment, said at a Professional Services Council event that the DoD is working with the Defense Information Systems Agency (DISA) to develop a program management tool called Enterprise Mission Assurance Support Service (EMASS). CMMC EMASS will handle resources such as certificates, assessment reports and data analytics.
In addition, Lord noted that the DoD is partnering with the Missile Defense Agency (MDA) and Office of the Chief Information Security Officer for Acquisition (OCISO-A) to integrate CMMC requirements into an existing contract that covers tabletop exercises, mock assessor training and other assessment-related support services. OCISO-A is also working with another DoD entity to pilot the CMMC framework in September.
"These pilots will be implemented on new DOD contracts to further reduce the risk of CMMC phased rollout, by focusing on the flow-down of controlled unclassified information,” Lord said.
The CMMC Accreditation Body (CMMC-AB) opened registration for independent assessors in June 2020 and is on track to issue the first training course for evaluators this month, she added.