Georgia Tech Procurement Assistance Center


Final rule, formal training on CMMC could hit this summer

February 22, 2021 By Nancy Cleveland

A final rule on the Defense Department’s unified cybersecurity standard could debut as soon as this summer, defense officials said.  But implementation hinges on standing up a formal training system.

Diane Knight, who is DOD’s lead for the Cybersecurity Maturity Model Certification program’s pathfinders and pilots, said a final rule could roll out as soon as April but wouldn’t confirm a concrete timeline.

“There will be a final rule and we have that identified on schedule coming up here too,” Knight said Jan. 26 during a virtual town hall hosted by the CMMC Accreditation Body (AB).

Knight also previewed a “notional” timeline for the pilots in which requests for proposals would be released in April, with awards coming in August.  By April, contractors seeking to participate in the pilots would be expected to have prepared for a CMMC assessment, reviewed requirements with subcontractors and to request an assessment from authorized third-party assessors (C3PAOs).  Proposals would be due by July, according to the documents, and a certification would be needed when the contract is awarded.

Continue reading at:  FCW

Filed Under: Contracting News Tagged With: CMMC, cybersecurity, Cybersecurity Maturity Model Certification

DOD’s cybersecurity certification requirements to appear in DHS contracts

February 22, 2021 By Nancy Cleveland

The Department of Defense is figuring out how to incorporate its Cybersecurity Maturity Model Certification program in contracts offered by the Department of Homeland Security, according to the official helming the initiative.

The CMMC program will ultimately require all defense contractors have their cybersecurity practices certified by a system of independent third-party auditors.  As it is now, companies simply pledge their adherence to security controls detailed in standards issued by the National Institute of Standards and Technology.

Rules to implement the program are expected to be finalized as early as next month and have caused some heartburn within the contracting community.  But the program is being rolled out in phases—15 prime contractors, and all their subcontractors, are being selected to undergo assessments this year—and won’t be fully applicable until 2025.

Continue reading at:  Nextgov

Filed Under: Contracting News Tagged With: CMMC, cybersecurity, Cybersecurity Maturity Model Certification, minimum wage

Arrington forecasts CMMC in every DoD contract by FY2026

February 22, 2021 By Nancy Cleveland

By Fiscal Year 2026, every contractor seeking to do business with the Department of Defense (DoD) will be required to have at least a Level 1 Cybersecurity Maturity Model Certification (CMMC), Katie Arrington, the Pentagon’s CISO for acquisition and sustainment, said Feb. 3.

DoD plans on rolling out 15 prime contracts including the CMMC requirement this year and scaling up gradually, topping out at 479 contracts in both Fiscal Year 2024 and 2025.  Those plans take into account up to around 100 unique sub-contractors on each prime contract, meaning the plan is to have 1,500 CMMC-accredited contractors by the end of Fiscal Year 2021, which ends Sept. 30.

“CMMC is coming to a company or a program near you,” Arrington said at Washington Technology’s CMMC webinar Feb. 3.  “This is not a checklist…Technology is something that is really great, but you need to understand the risk-reduction strategies associated with it.”

Continue reading at:  MeriTalk

You can find GTPAC guidance on CMMC here:  https://gtpac.org/cybersecurity-training-video/

Filed Under: Contracting News Tagged With: CMMC, cybersecurity, Cybersecurity Maturity Model Certification

GTPAC updates cybersecurity resource page to include CMMC guidance

February 16, 2021 By Nancy Cleveland

GTPAC has now updated its cybersecurity resource page to include guidance on CMMC.

CMMC stands for “Cybersecurity Maturity Model Certification.”  CMMC, which was created by the U.S. Department of Defense (“DoD”), is a unified cybersecurity standard and framework that includes a comprehensive and scalable certification element to verify contractor implementation of required cybersecurity processes and practices.

CMMC is designed to provide assurance to DoD that defense contractors can adequately protect sensitive unclassified information.  CMMC is important because if a DoD contract has a CMMC requirement, a contractor will need to obtain a CMMC certification at the required level to win and perform that contract (or subcontract).  It is anticipated that eventually, most DoD contracts will require at least some level of CMMC certification.

So if you want to be a DoD contractor, it’s important to learn about CMMC.  You can find more detailed information on CMMC and other cybersecurity standards, such as NIST 800-171, on our cybersecurity resource page.

Filed Under: GTPAC News Tagged With: CMMC, cybersecurity, Cybersecurity Maturity Model Certification, NIST 800-171

NIST finalizes enhanced security requirements for combating advanced cyber threats

February 16, 2021 By Nancy Cleveland

The National Institute of Standards and Technology (NIST) recently released the final version of NIST Special Publication (SP) 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information.  Designed to supplement the requirements in NIST SP 800-171—the applicable standard under DFARS 252.204-7012—800-172 provides 35 enhanced security requirements to protect controlled unclassified information (CUI) associated with critical programs and high-value assets from sophisticated adversaries referred to as advanced persistent threats (APTs).

Continue reading at:  Crowell

Filed Under: Contracting Tips Tagged With: CMMC, cybersecurity, Cybersecurity Maturity Model Certification

CMMC model tweaks coming after industry feedback

February 15, 2021 By Nancy Cleveland

The foundation of the Cybersecurity Maturity Model Certification (CMMC) — the Department of Defense’s new cyber requirements for contractors — will see some coming changes, its leaders recently said.

The DOD will make alterations to the highest level of the five-tier security model after receiving public comments on the recently issued CMMC Defense Federal Acquisition Regulation System rule.

The department issued an “interim final” rule in September instead of first issuing a proposed rule, which meant the rule took effect upon publication.  But there was still a 60-day comment period for industry to weigh in.  The Office of Management and Budget, which hosts the council overseeing acquisition rules, allowed for this because of “the threat to national security” embedded in supply chain vulnerabilities, Jessica Maxwell, a DOD spokeswoman said in a statement.

“We did not plan to make changes to the DFAR rule,” Maxwell said.  She added: “We also recognize that as the threat is not static nor should our model not be static, we are always evaluating the best standards to implement to address relevant threats.”

Continue reading at:  FedScoop

Filed Under: Contracting News Tagged With: CMMC, cybersecurity, Cybersecurity Maturity Model Certification

DoD publishes long awaited interim rule on CMMC

October 2, 2020 By Nancy Cleveland

At long last, the Department of Defense (“DoD”) has provided its interim rule, published in the Federal Register on September 29, 2020, amending the Defense Federal Acquisition Regulation Supplement (“DFARS”) to set forth requirements for the Cybersecurity Maturity Model Certification (“CMMC”) program, as well as new requirements for a “NIST SP 800-171 DoD Assessment Methodology.”  The interim rule is effective November 30, 2020, and comments to the interim rule should be submitted by November 30 as well. 

NIST SP 800-171 DoD Assessment Methodology

For contractors already required to comply with NIST SP 800-171, per DFARS 252.204-7012, DoD now is going to hold those contractors accountable, instituting an assessment and reporting system to verify compliance before new contracts can be awarded.  While the new requirement is for information to be provided prior to contract award, DoD encourages affected contractors to begin their self-assessments immediately.

The Assessment Methodology will include three assessment levels:  (1) Basic, (2) Medium, and (3) High.  The Basic Assessment will be a self-assessment completed by the contractor prior to contract award, while the Medium and High Assessments are available options for DoD to complete after award.  DoD estimates it will conduct 200 Medium Assessments and 110 High Assessments each year.  Additional information regarding DoD assessments is available here.

There is a specific scoring methodology to be followed for the Assessment.  A contractor that has fully implemented all 110 NIST SP 800-171 controls will have a score of “110.”  It goes without saying that contractors will need to be careful here – an inaccurate report could subject a company to exposure under the False Claims Act.

Assessments will be valid for three years unless there are issues requiring a reassessment sooner.  The newly-announced Assessment Methodology appears to be an immediate solution to provide DoD some peace of mind on contractor data security until the CMMC program can be fully implemented.

Continue reading at the Sheppard Mullin GovCon Blog.

Filed Under: Contracting News Tagged With: CMMC, cybersecurity, Cybersecurity Maturity Model Certification, DFARS 252.204-7012

Who pays for CMMC certification?

February 14, 2020 By Nancy Cleveland

Last week, DOD announced the release of CMMC Version 1.0.  CMMC Version 1.0 is a comprehensive certification process featuring 171 cybersecurity best practices to ensure that contractors secure their information systems.  The question on everyone’s mind is who is going to pay for the certification and all of the work necessary to comply.

DOD has been less than clear on how contractors are expected to pay for CMMC certification. But what is clear is that the costs associated with obtaining CMMC certification will be significant.  It is unclear whether contractors can seek reimbursement for these costs.  They may be able to claim costs as an allowable indirect cost.  We suspect that the cost of certification itself will be covered, but that the greater costs associated with becoming compliant will not be covered as a reimbursable direct cost.

Continue reading at:  Fox Rothschild

Filed Under: Contracting Tips Tagged With: allowable costs, CMMC, cybersecurity, Cybersecurity Maturity Model Certification

The CMMC has arrived: DoD publishes version 1.0 of its new cybersecurity framework

February 14, 2020 By Nancy Cleveland

On January 31, 2020, the Department of Defense (“DoD”) publicly released Version 1.0 of the Cybersecurity Maturity Model Certification (“CMMC”) framework.  The CMMC is a certification framework developed by DoD that measures a defense contractor’s ability to safeguard Federal Contract Information (“FCI”) and Controlled Unclassified Information (“CUI”) handled in the performance of DoD contracts.  By FY 2026, CMMC certification will be a requirement for any company doing business with DoD, either as a prime contractor or lower-tier subcontractor.  Version 1.0 of the CMMC fills in several gaps from the earlier drafts, which we assess in prior articles.  Additionally, the public briefing that accompanied the release of Version 1.0 included new insights into DoD’s rollout of the CMMC framework.  This alert walks through the CMMC framework, highlights updates from prior drafts, summarizes DoD’s proposed rollout, and provides considerations for companies during CMMC implementation.

Continue reading at:  K&L Gates

Filed Under: Contracting News Tagged With: CMMC, cybersecurity, Cybersecurity Maturity Model Certification

CMMC model 1.0 released: DoD’s unified cybersecurity standard for future acquisitions

February 1, 2020 By Nancy Cleveland

In a major effort to strengthen the cybersecurity posture of the hundreds of thousands of Defense Industrial Base (DIB) contractors and subcontractors, the Department of Defense yesterday released final Model Version 1.0 of the Cybersecurity Maturity Model Certification (CMMC) framework.

This version replaces previously released versions 0.4, 0.6, and 0.7, which have been made available to the public via the CMMC official website.

Continue reading at:  JD Supra

Filed Under: Contracting News Tagged With: CMMC, cybersecurity, Cybersecurity Maturity Model Certification


Copyright © 2023 · Georgia Tech - Enterprise Innovation Institute