Georgia Tech Procurement Assistance Center


Here are the NSA general counsel’s cybersecurity warnings

January 23, 2020 By Nancy Cleveland

The U.S. government needs to do more to protect itself in cyberspace as adversaries’ technological capabilities rise, according to the departing general counsel of the NSA.

Glenn Gerstell, who is leaving the NSA later this year, said the expanding threat landscape — caused by the combination of nation-states’ capabilities and the onset of technologies such as 5G, artificial intelligence and the internet of things — presented several challenges that the intelligence community must grapple with long after he leaves the agency.

“It is almost impossible to overstate the gap between the rate at which the cybersecurity threat is getting worse relative to our ability to effectively address it,” Gerstell said at an American Bar Association event Jan. 15.

Continue reading at:  Fifth Domain

Filed Under: Contracting Tips Tagged With: CMMC, cybersecurity, Cybersecurity Maturity Model Certification, NSA

Getting Ready for CMMC (Resources and Links)

January 17, 2020 By Nancy Cleveland

The Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) program will be a new contractual requirement for all DoD contractors.  It will impact the 300,000 firms that make up the defense industrial base.  It will not be a self-attestation model, but rather a third-party certification and compliance model.

In 2020, the DoD plans to finalize the CMMC framework and to start implementation with a select group of acquisitions.

Here are some go-to facts and resources to help you prepare.

You can find the resources and links at:  JD Supra

Filed Under: Contracting Tips Tagged With: CMMC, Cyber Security, cybersecurity, Cybersecurity Maturity Model Certification

Recent cases indicate viability of False Claims Act liability connected to federal cybersecurity standards

January 17, 2020 By Nancy Cleveland

Government contractors are no strangers to the numerous quality standards and assurances required by the government.  Over the past several years, cybersecurity in federal contracting has emerged as yet another standard to achieve.  While data breaches are big news in the private sector, the issue remained somewhat under the radar for public contracts — until now.

Last summer, two significant whistleblower cases sent ripples through the False Claims Act (FCA) community by demonstrating the specter of FCA liability resulting from the failure to comply with cybersecurity requirements in government contracts.  In May, the U.S. District Court for the Eastern District of California refused to dismiss a case alleging that Aerojet Rocketdyne Holdings Inc. falsely asserted its compliance with the Department of Defense’s (DOD) cybersecurity standards.  Then, in late July, the government announced that Cisco Systems Inc. agreed to pay $8.6 million to settle a whistleblower suit alleging that the company fell short of federal cybersecurity standards by selling video surveillance products with known vulnerabilities that hackers could exploit.  These cases show that cybersecurity-based FCA claims may be the new frontier and that such claims may prove difficult to defeat depending on the facts in any given case.

Continue reading at:  Carlton Fields

Filed Under: Contracting News Tagged With: Cyber Security, cybersecurity, false claims, False Claims Act

Why companies should start preparing for CMMC now

January 17, 2020 By Nancy Cleveland

It’s a new year — and a new cybersecurity regime for vendors working on defense contracts is coming.

The Defense Department has been steadily working on its new unified standard, the Cybersecurity Maturity Model Certification (CMMC), and is expected to release a final version and a list of accrediting bodies in January.  But while companies shouldn’t wait until things are finalized to prep for certification, many are stuck.

“CMMC is going to be law of the land,” Corbin Evans, the director of regulatory policy for the National Defense Industrial Association, told Defense Systems, yet “folks are a little hesitant to make any major moves.”

Continue reading at:  Defense Systems

Filed Under: Contracting Tips Tagged With: CMMC, cybersecurity, Cybersecurity Maturity Model Certification

Podcast: 2020 will be a busy year for federal procurement

January 17, 2020 By Nancy Cleveland

Fiscal year 2020, which coincides with calendar year 2020, started off busy on the federal contracting front.  Dan Snyder, the director of government contracts at Bloomberg Government, joined Federal Drive with Tom Temin for a look ahead.

Listen to the podcast at:  Federal News Network

Filed Under: Contracting Tips Tagged With: CMMC, cybersecurity, forecast, GSA Schedule, podcast, procurement forecast, Runway Extension Act, spending

How DoD’s new cybersecurity rules affect government contractors

January 17, 2020 By Nancy Cleveland

At the end of last year, the Department of Defense (DoD) issued six guidance memoranda aimed at assisting acquisition personnel in developing what has been described as “effective cybersecurity strategies to enhance existing protection requirements.”  This included a mandate for the Defense Contract Management Agency to ensure that cybersecurity compliance will be a part of a contractor’s purchasing system audit and approval process.

Among the changes is the new Cybersecurity Maturity Model Certification (CMMC), which will replace the self-attestation model and move towards third party certification.  It will require all defense contractors and subcontractors to undergo a third party assessment of their internal cybersecurity technical practices and process maturity against published standards.

The final version of CMMC is set to be published by the end of January.  The certification will be built on existing requirements such as NIST SP 800-171, NIST SP 800-53, AIA NAS9933, private sector contributions, and input from academia.  An independent accrediting body will soon begin training the auditors.

Continue reading at:  Clearance Jobs

Filed Under: Contracting Tips Tagged With: CMMC, Cyber Security, cybersecurity

2020 and the Department of Defense’s Cybersecurity Maturity Model Certification Program

January 10, 2020 By Nancy Cleveland

2019 has been a year of pivotal developments for defense contractors in the realm of cybersecurity compliance.  The Department of Defense (DoD) issued six guidance memoranda to assist its acquisition personnel in developing “effective cybersecurity strategies to enhance existing protection requirements,” including a mandate for the Defense Contract Management Agency to include cybersecurity compliance as a part of a contractor’s purchasing system audit and approval.  2019 also saw the first False Claims Act whistleblower litigation related to contractors’ compliance with DoD cybersecurity contracting provisions.

Beyond merely focusing on enforcement of existing compliance obligations, the DoD upped the ante in June 2019 with its announcement of its forthcoming Cybersecurity Maturity Model Certification (CMMC).  CMMC is the next step in the DoD’s efforts to protect the government’s sensitive, unclassified information against data exfiltration, and once it goes into effect CMMC will be a mandatory, third-party certification for all DoD contractors and subcontractors.

While there remain many unanswered questions surrounding the details and implementation of CMMC, the DoD has made clear that CMMC is coming and the defense contracting community must be ready to implement these requirements in order to continue receiving defense contracts, subcontracts and other DoD-funded agreements.

What Will CMMC Require?

As currently drafted, CMMC will require all defense contractors and subcontractors to undergo a third party assessment of their internal cybersecurity technical practices and process maturity against published standards.  This assessment will result in certification at one of five levels – 1 being the lowest and 5 the highest – or no certification.  Each subsequent level is cumulative, meaning a company must meet the requirements of all lower levels to qualify for a higher level of certification.  In addition, an organization must satisfy both the defined practices and process maturity criteria within a given level across all areas of the model to achieve certification at that level (e.g., having a Level 3 assessment on technical practices and Level 2 on process maturity results in an overall Level 2 certification).

The DoD expects contractor CMMC assessments to begin in early June 2020.  CMMC requirements will start appearing in DoD Requests for Information around this same time, and they become mandatory in all DoD solicitations beginning fall 2020.  Once implemented, each DoD solicitation will identify the minimum required CMMC level a company must have to be eligible for that contract award.

On December 6, 2019, the DoD released Version 0.7 of the draft CMMC framework.  This update refines the technical practice requirements for Levels 1-5 and provides further guidance regarding process maturity expectations.  Level 1 identifies 17 basic requirements, mostly consistent with existing general government contractor cybersecurity requirements, while Level 3 aligns with full NIST SP 800-171 Rev 1 compliance.  Levels 4 and 5 require “proactive” and “progressive” cybersecurity programs, respectively, and impose additional practices derived from Draft NIST SP 800-171B and other heightened cyber standards.  These top two levels are expected to be reserved for companies handling information related to critical technologies.

The CMMC model will not be static, however: it will be adapted and revised whenever and however needed as the DoD identifies new threat vectors.  While a company’s certification is generally expected to last for three years, including interim spot checks, model revisions could necessitate earlier reassessment.

Continue reading at:  National Law Review

Filed Under: Contracting Tips Tagged With: CMMC, cybersecurity, Cybersecurity Maturity Model Certification, DoD

DoD releases version 0.7 of its Cybersecurity Maturity Model Certification

January 10, 2020 By Nancy Cleveland

On December 13, the Department of Defense (“DoD”) released the latest version of its Cybersecurity Maturity Model Certification (“CMMC”).  This is the third iteration of the draft model that DoD has publicly released since it issued the first draft in October.  (We previously discussed Version 0.4 and Version 0.6 of the CMMC in prior blog posts.)

DoD describes the CMMC as “a DoD certification process that measures a DIB sector company’s ability to protect FCI [Federal Contract Information] and CUI [Controlled Unclassified Information].”  DoD has stated publicly that it intends to begin incorporating certification requirements into solicitations starting in Fall 2020, with compliance audits beginning in late 2020 or early 2021.  Depending on the sensitivity of the information that contractors will receive in the course of performing work for DoD, they will be expected to demonstrate compliance through third party audits with the requirements set forth under one of five certification levels.  This applies even where contractors will not be handling FCI or CUI in the course of performing their contracts.

The two most significant updates to the model in this version of the draft are (i) the addition of “Practices” for obtaining Level 4 and 5 certifications, and (ii) an expansion of the “clarifications” section, which now covers the requirements of Levels 2 and 3 of the model, in addition to Level 1.  These changes and others are discussed in more detail later in this article.  Given the expected release in late January 2020, it is likely that the requirements in this draft will closely resemble those that will be set forth in Version 1.0 of the CMMC framework, which is anticipated to serve as the basis for the first contractor audits.

Continue reading at:  Inside Government Contracts

Filed Under: Contracting News Tagged With: CMMC, cybersecurity, Cybersecurity Maturity Model Certification

Cybersecurity requirements likely for defense contracts by June 2020

January 10, 2020 By Nancy Cleveland

The Defense Department expects that by June 2020, industry will see cybersecurity requirements included as part of new requests for information, which typically serve as one of the first steps in the awarding of new defense contracts.

Ellen Lord, the undersecretary of defense for acquisition and sustainment, said the new cybersecurity maturity model certification program is a critical part of ensuring that companies hoping to do business with the department meet important cybersecurity requirements.

“The cybersecurity maturity model certification, or CMMC program, establishes security as the foundation to acquisition and combines the various cybersecurity standards into one unified standard to secure the DOD supply chain,” Lord said.

You can read more about CMMC here:  https://www.acq.osd.mil/cmmc/
You can continue reading the article at:  U.S. Department of Defense News

Filed Under: Contracting News Tagged With: CMMC, cybersecurity, Cybersecurity Maturity Model Certification, DoD, U.S. Department of Defense

Defense contractors: Prepare for CMMC in 2020

January 9, 2020 By Nancy Cleveland

In 2016, the U.S. Department of Defense (DoD) issued a Defense Federal Acquisition Regulation Supplement (DFARs) intended to better protect defense data and networks.  Beginning in 2017, DoD began issuing a series of memoranda to further enhance protection of defense data and networks via Cybersecurity Maturity Model Certification (CMMC).

In December 2019, the Department of State, Directorate of Defense Trade Controls (DDTC) issued long-awaited guidance in part governing the minimum encryption requirements for storage, transport and/or transmission of controlled but unclassified information (CUI) and technical defense information (TDI) otherwise restricted by ITAR.

The foregoing multi-year effort to protect defense data and national security networks is culminating in 2020, and government contractors must be prepared to comply or face potentially draconian consequences ranging from disqualification to enforcement.

Continue reading at:  Bradley

Filed Under: Contracting Tips Tagged With: CMMC, Cyber Security, cybersecurity, Cybersecurity Maturity Model Certification, DoD



Copyright © 2023 · Georgia Tech - Enterprise Innovation Institute