March 25, 2020

Yesterday, the GovConJudicata Podcast published an update on the Department of Defense's Cybersecurity Maturity Model Certification ("CMMC").  For an introduction to the CMMC, check out their inaugural podcast episode.

#3 – CMMC Update

You can also find the GovConJudicata Podcast on:

You can also listen right here:

Resources:

January 31, 2020

Later today, the Department of Defense will release version 1.0 of its Cybersecurity Maturity Model Certification ("CMMC").  With the CMMC moving full steam ahead, several new pieces of information (below) have come to light regarding the timing of when the CMMC will appear DoD solicitations and the CMMC Accreditation Body's ("CMMC-AB") efforts to train the third-party assessors who will be performing CMMC assessments.

Given that this recent news might...

June 23, 2019

The Department of Defense (DoD) will likely publish a draft Cybersecurity Maturity Model Certification (CMMC) standard sometime this summer (see here and here). While much focus has been on how the CMMC will help shore up defense industrial base (DIB) cybersecurity—i.e., as the enforcement mechanism for DFARS 7012/NIST SP 800-171 compliance via third-party audits––DoD also must address the process of how agency personnel will select the CMMC “go/no-go” threshold for set-aside procureme...

June 8, 2019

DoD to propose Cybersecurity Maturity Model Certification (CMMC)––via third-party audit––and it will add another layer to defense contractor cybersecurity compliance.

It appears that the CMMC will be comprised of five levels, ranging from basic to "State-of-the-Art." In addition, the article reports that, "DoD contracts will require specific levels — and awards will be 'go/no-go' based on the contractor’s certification status."

. . .

Article: https://sera-brynn.com/pentagon-to-unveil-new-cybersec...

April 2, 2019

Got DoD Cyber Compliance?

For DoD contractors, it appears that DFARS 252.204-7012 (NIST SP 800-171) compliance was just the beginning. Next, DoD will not only begin auditing companies for compliance within the next 18 months but also DoD is in the process of creating "new cybersecurity standards this year."

According to the article, "[t]he new cybersecurity standards will build off of the already existing [NIST SP] 800-171 standards required by the Pentagon."

#GovCon #Cybersecurity

https://federalne...

November 28, 2017

December 31, 2017 marks the deadline for compliance with DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (“Cyber DFARS”).[1] The Cyber DFARS principally requires defense contractors to provide “adequate security” on all “covered contractor information systems”––by implementing NIST SP 800-171 security safeguards––and to comply with cyber incident reporting requirements.[2] While the Department of Defense (“DoD”) has recognized that “[t]here is no single...

Please reload

About CyberJudicata

Welcome to CyberJudicata an informational blog/website focusing on cybersecurity and privacy issues, including cyber policy, data breach, incident response, data security, regulatory compliance, and cyber insurance.

CyberJudicata is published by Joshua Duvall, managing partner at Matross Edwards, a law firm providing government contracts and cybersecurity legal services to small and mid-sized businesses.

Contact Matross Edwards

www.MatrossEdwards.com

info@MatrossEdwards.com

202.854.9959

Search By Tags
Connect
  • Matross Edwards
  • LinkedIn
  • Twitter

Copyright © 2020 Joshua B. Duvall. All rights reserved.

CyberJudicata™ #cyberjudicata

LegalJudicata™ #legaljudicata

GovConJudicata™ #govconjudicata