Edited: 9/8/2021 8:50 AM
ADAM STROUP
Navigate the complexities of DFARS, NIST 800-171, and now Cybersecurity Maturity Model Certification (CMMC)
[Update 8 Sep 21] see the new ACQuipedia article, CMMC

[Updated 11 Jun 21] The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)), working with DoD stakeholders, University Affiliated Research Centers (UARCs), Federally Funded Research and Development Centers (FFRDC), and industry, developed the Cybersecurity Maturity Model Certification (CMMC) framework.

This announcement is to help you start to navigate the complexities of DFARS, NIST 800-171, and now Cybersecurity Maturity Model Certification (CMMC). Is industry in compliance? What does all of this mean?
- Required cybersecurity controls are found in NIST 800-171 Rev 2; it does update frequently
- DFARS Clauses that may be on your contract
  o DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting 
  o 252.204-7020 NIST SP 800-171 DoD Assessment Requirements.
  o 252.204-7021 Cybersecurity Maturity Model Certification Requirements.
- DoD CMMC web sites
  o NAVWAR's Cyber COP milSuite [requires a profile and CAC]
  o USD(A&S) CMMC web site (last updated Dec. 2020)
- DAU Webinar on CMMC, June 2020

What must industry do? Perhaps acquire Cyber Compliance as a Service.
– Supply Chain Risk Assessments
– Business Unit Readiness Assessment
– CMMC Readiness Assessments
– Cyber Compliance Remediation Services

Where to report cybersecurity incidents?  Rapidly report cyber incidents to DoD at https://dibnet.dod.mil


Send me other resources and I will share if appropriate.

Posted: 6/11/2021 9:22 AM
ADAM STROUP

What is CMMC? CMMC stands for “Cybersecurity Maturity Model Certification” and is a unifying standard for the implementation of cybersecurity across the Defense Industrial Base (DIB). The CMMC framework includes a comprehensive and scalable certification element to verify the implementation of processes and practices associated with the achievement of a cybersecurity maturity level. CMMC is designed to provide increased assurance to the Department that a DIB company can adequately protect sensitive unclassified information, accounting for information flow down to subcontractors in a multi-tier supply chain.
