Newcomer II

DoD Cybersecurity Maturity Model Certification

For a new DoD contractor requirement that is supposedly being released in January, just a few weeks from now, the industry and the DoD sure have seemed quiet about the CMMC. Have any of you been taking preparatory steps? Have any good resources besides the draft and FAQ (https://www.acq.osd.mil/cmmc/faq.html)? The FAQ says the first version will be released in January and then implemented as a requirement starting in June, which is a pretty quick time frame considering they haven't even specified how third-party assessors become certified to issue CMMCs.

5 Replies
Advocate III

Re: DoD Cybersecurity Maturity Model Certification


@N_Bakewell wrote:

(https://www.acq.osd.mil/cmmc/faq.html) ?  The FAQ says the first version will be released in January and then implemented as a requirement starting in June, which is a pretty quick time frame considering they haven't even specified how third party assessors become certified to issue CMMCs.


This is gonna get VERY interesting. Recalling that DoD is still doing a shoddy job of enforcing the individual certification requirements under 8570, I will be watching for how long it takes them to actually put the CMMC into contracts and enforce them for companies.

 

Craig

 

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
https://CraginS.blogspot.com/
Community Champion

Re: DoD Cybersecurity Maturity Model Certification

This is certainly going to become very interesting indeed - the Australian Government are doing a similar scheme via the IRAP certification to ensure that Federal Government agencies comply with mandated controls.  Someone is going to be making a lot of money, and the rush to get certified will generate a lot of jobs for years to come.

 

https://www.cyber.gov.au/irap/irap_assessments

 

Regards

 

Caute_cautim

Newcomer II

Re: DoD Cybersecurity Maturity Model Certification

Well, I assure you this is happening. They have come to the realization that the initial aggressive timeline was a bit too unrealistic, but you can expect CMMC to be in about 15 "pathfinder" contracts in the fall time frame, with that flowing down to about 100 suppliers below. There will be opportunities for 3PAOs, individuals and organizations, to perform the assessments. Biggest thing I see now are the snake oil salesmen out trying to tell folks they can sell you something to make you CMMC compliant, ummmmm no......

Community Champion

Re: DoD Cybersecurity Maturity Model Certification

@TXWayne This is interesting, whilst the Australian Security Directorate have told all those who went through the IRAP certification process that the certification for Cloud will be dropped in July 2020. The rationale is to open up competition - more likely a lot more work by the Agencies themselves to verify whether or not they should be using cloud services from those entrepreneurs who may have very little regard for security & privacy.

 

A big headache coming up I reckon.

 

Regards

 

Caute_cautim

Viewer

Re: DoD Cybersecurity Maturity Model Certification

The rule will be final at the end of this month. This is getting real.

 

I'm working for a company that has been doing NIST 800-171 assessments and is already doing CMMC assessments. We are in line to be a CMMCAB Registered Practitioner. 

 

Regards,

 

Norris Carden

MADSecurity