Cybersecurity Maturity Model Certification version 1.0, or CMMC, was released in January. The aim of the initiative is to prod the defense industrial base to better protect its networks and controlled unclassified information against cyberattacks and theft by competitors such as China. The lower tier of the supply chain is of particular concern to Pentagon officials.<\/a><\/p>\nThe specific standards that must be met will depend on the program and work that a company will be doing. The level 1 standards will be the least demanding and level 5 the most burdensome.<\/p>\n
Third-party assessors, known as C3PAOs, will be trained and approved by a new accreditation body. They will have to certify that a company has met the CMMC standards before it can win contracts.<\/p>\n
The new model will be phased in over the next five years to give contractors time to adjust. By fiscal year 2026, all new Defense Department contracts will contain CMMC requirements that companies must meet to win the award.<\/p>\n
Now, foreign nations are considering following in the Pentagon\u2019s footsteps, Undersecretary of Defense for Acquisition and Sustainment Ellen Lord said at the annual McAleese & Associates defense programs conference in Washington, D.C.<\/p>\n
\u201cCybersecurity threatens the defense industry, our national security as well as our partners and allies,\u201d she said.<\/p>\n
\u201cThe CMMC team is working with multiple countries, including Canada, the U.K., Denmark, Italy, Australia, Singapore, Sweden, Poland and the EU Cybersecurity Body,\u201d she noted. \u201cAll of these countries and groups acknowledged the challenge we have with cybersecurity. They’re looking at what is the most efficient and effective way to secure their industrial base, and there are significant conversations about perhaps adopting our CMMC. So more to come.\u201d<\/p>\n
Talks are ongoing through a variety of bilateral discussions, she added.<\/p>\n
Meanwhile, the Defense Department is moving forward with its own implementation plans.<\/p>\n
The new requirements will be included in requests for proposals for about 10 pathfinder projects later this year.<\/p>\n
\u201cNow that CMMC is released, we’re really focusing on the remaining timeline, selecting third-party vendors to do the auditing, creating CMMC training material, rulemaking \u2026 and completing an agreement with the newly established CMMC accreditation body,\u201d Lord said.<\/p>\n
There will be a public hearing about the standards in late April or early May, she noted. A rule change for Defense Federal Acquisition Regulation Supplement 252.204.7012 is slated for the October timeframe. The first CMMC training course for auditors is on track to kick off in April, she said.<\/p>\n
Lord was asked if each company in the industrial base would have to contract separately with the third-party auditors.<\/p>\n
\u201cThat’s being discussed right now,\u201d she said, noting that defense officials will be meeting with CEOs and associations like the National Defense Industrial Association later this week.<\/p>\n
\u201cThat’s one of the topics we’re talking about,\u201d Lord said. \u201cWe’re trying to simplify that for industry in general and we’re also focusing on how the primes reach down through the sixth, seventh, eighth, ninth level of their supply chain. So that’s being worked on right down.\u201d<\/p>\n
Fuente:<\/strong> https:\/\/www.nationaldefensemagazine.org<\/em><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"Los aliados de EE.UU est\u00e1n considerando adoptar nuevos est\u00e1ndares de seguridad cibern\u00e9tica que la industria eventualmente debe cumplir si quieren hacer negocios con el Pent\u00e1gono.… <\/p>\n","protected":false},"author":1,"featured_media":5425,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[2,37,23],"tags":[],"_links":{"self":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts\/5424"}],"collection":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5424"}],"version-history":[{"count":0,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts\/5424\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/media\/5425"}],"wp:attachment":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5424"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5424"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5424"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}