The Cybersecurity Maturity Model Certification (CMMC) is a cornerstone of Department of Defense (DOD) supply-chain security efforts, but it is still a work in progress. The goal of protecting controlled unclassified information (CUI) that resides in the data networks of the Defense Industrial Base (DIB) is indisputable. One challenge is how to assess and certify implementation of required security practices at scale, while another is avoiding bureaucratic roadblocks and pricing hurdles that could limit small and medium-sized businesses from successfully conforming to the CMMC standard.
After a pause and a reboot last fall, the CMMC office moved to the DOD CIO’s organization, the number of CMMC levels and practices was reduced, and the opportunity to do self-attestation at Level 1 was introduced.
In the meantime, there are opportunities for all parties to get ahead of the game and engage in CMMC by participating in the early adopter program, by completing self-assessments, and by enrolling in the various types of CMMC professional training.
Washington Technology’s 2022 CMMC 2.0 Ecosystem Summit, produced in partnership with The Cyber AB, explored what the revised CMMC regime will mean for all stakeholders. This first-ever CMMC event officially sanctioned by the program’s accreditation body focused on how organizations can best prepare for their CMMC assessments, how the CMMC Ecosystem is gearing up to support the DIB, what the practical implications are for certain CMMC policy positions, and what self-assessment tools NIST and others have made widely available.
Sessions provided an opportunity for deep dives into the mechanics of getting certified, understanding CMMC conflicts of interest, training opportunities, and advantages of going through the processes early.
Attendees came away with a better understanding of:
The latest CMMC policy developments
The current capacity, offerings, and future projections of the CMMC Ecosystem
The professional track for becoming a CMMC Assessor and/or a CMMC Practitioner
CMMC training opportunities
The Joint Surveillance Voluntary Assessment program
Networking opportunities between all elements of the CMMC Ecosystem
The revised and updated CMMC Code of Professional Conduct
Considerations for small and medium-sized DIB companies
Resources and tools that NIST and others have made available to help with self-assessment
Reciprocity expectations for FedRAMP-certified cloud providers
CMMC implications for non-FedRAMP cloud service providers
Legal considerations of performing CMMC self-attestations
The first CMMC event officially sanctioned by The Cyber AB