CMMC stands for “Cybersecurity Maturity Model Certification”. The CMMC will encompass multiple maturity levels that ranges from “Basic Cybersecurity Hygiene” to “Advanced/Progressive”. The intent is to incorporate CMMC into Defense Federal Acquisition Regulation Supplement (DFARS) and use it as a requirement for contract award. The official website can be found at https://www.acq.osd.mil/cmmc/
This past week, several Cyber Huntsville Board members were on a TEAMS call with the creator of the CMMC, Katie Arrington. She provided an overview of the Cyber Resiliency Project that included online training modules and CMMC guide.
The DOD is planning to migrate to the new CMMC framework in order to assess and enhance the cybersecurity posture of the Defense Industrial Base (DIB). The CMMC is intended to serve as a verification mechanism to ensure appropriate levels of cybersecurity practices and processes are in place to ensure basic cyber hygiene as well as protect controlled unclassified information (CUI) that resides on the Department’s industry partners’ networks.Ms. Arrington is asking for input into the Defense Federal Acquisition Regulation Supplement: Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041) https://www.federalregister.gov/documents/2020/09/29/2020-21123/defense-federal-acquisition-regulation-supplement-assessing-contractor-implementation-of available for public comment by November 30th.
We encourage all Cyber Huntsville members, and the entire Tennessee Valley community, to submit comments to the CMMC/DFARS Interim Rule.