Katie Arrington, the DoD Chief Information Security Officer for Acquisition, presented at the SENEDIA Tech on 11 October 2019. Her insight on the need for the Cybersecurity Maturity Model Certification was direct and convincing. She emphasized that we must protect our DoD technology – it is a team effort, government and industry!
DoD is working with Johns Hopkins University Applied Physics Laboratory (APL) and Carnegie Mellon University Software Engineering Institute (SEI) to review and combine various cybersecurity standards into one unified standard for cybersecurity. The CMMC levels will range from basic hygiene to “State-of-the-Art” and will also capture both security controls. The required CMMC level (notionally between 1 – 5) for a specific contract will be contained in future DoD Requests for Proposals and will be a “go/no-go decision”.
The CMMC will be semi-automated and, more importantly, cost-effective enough so that Small Businesses can achieve the minimum CMMC level of 1. The CMMC model will be agile and adapt to emerging and evolving cyber threats to the DIB sector. A neutral third party will maintain the standard for the Department, and a center for cybersecurity education and training will be established.
Presentation from the event: CMMC_Overview_Releasable_OCT 2019