The Techni-Core Mission:
Engage our customers to define the mission objectives,
Empower solutions teams to execute timely deliverables, and
Exceed mission objectives with rapidly evolving engineering solutions and support.
In January of 2019, Under Secretary for Defense Ellen M. Lord posted a memo to detail coming audits of the DoD supply chain for compliance to DFARS clause 252.204-7012. During a hearing of the Senate Armed Services Committee, DoD CIO Dana Deasy proposed that compliance enforcement could be modeled after industry and may include a combination of validating the certification of supplier systems, helping subcontractors harden their “cyber hygiene” practices and utilize AI to identify areas of the greatest vulnerability. Cyber Security Maturity Model Certification (CMMC) is the result.
With the intent of CMMC, DoD appears to be addressing some of the main issues with implementing cybersecurity controls:
- Consolidation of standards – Under CMMC, there will be a consolidated DoD cybersecurity standard that combines NIST SP 800-53, NIST SP 800-171, AIA MAS 9933, FIPS and others.
- CMMC Maturity Levels – Those if you who are familiar will recognize the CMMI Maturity Level format. With the new CMMC requirements, there will be a range of CMMC maturity levels, which will be designated by contract or task order for qualifying level.
- Cost-reimbursement – CyberSecurity costs will now be an allowable cost on DoD contracts.
- Supply chain verification – CMMC third-party certifiers will have the tools able to conduct audits in order to collect metrics and risk management information for the entire supply chain.
Arrington said she aims to complete the CMMC by January 2020, and industry can expect to start seeing the certification in contract requests for information by June 2020, and in requests for evidence by September 2020.
Techni-Core’s Cybersecurity Consultants are also certified in CMMI Maturity Models and understand how to cross-map your DFARS 252.204-7012 compliance to meet the new CMMC Maturity Models. One Assessment with our customized tool, TechDART, will cross-map your DFARS 7012/NIST 800-171 compliance requirements with your CMMC requirements so you can kill two birds with one stone.