Georgia Tech Procurement Assistance Center


GTPAC updates cybersecurity resource page to include CMMC guidance

February 16, 2021 By Andrew Smith

GTPAC has now updated its cybersecurity resource page to include guidance on CMMC.

CMMC stands for “Cybersecurity Maturity Model Certification.”  CMMC, which was created by the U.S. Department of Defense (“DoD”), is a unified cybersecurity standard and framework that includes a comprehensive and scalable certification element to verify contractor implementation of required cybersecurity processes and practices.

CMMC is designed to provide assurance to DoD that defense contractors can adequately protect sensitive unclassified information.  CMMC is important because if a DoD contract has a CMMC requirement, a contractor will need to obtain a CMMC certification at the required level to win and perform that contract (or subcontract).  It is anticipated that eventually, most DoD contracts will require at least some level of CMMC certification.

So if you want to be a DoD contractor, it’s important to learn about CMMC.  You can find more detailed information on CMMC and other cybersecurity standards, such as NIST 800-171, on our cybersecurity resource page.

Filed Under: GTPAC News Tagged With: CMMC, cybersecurity, Cybersecurity Maturity Model Certification, NIST 800-171

The Navy gets tough on DFARS cybersecurity compliance

October 4, 2019 By Andrew Smith

Last year we told you about a 2018 Navy memo, known as the Geurts Memo, which required defense contractors to implement certain controls for NIST SP 800-171, some of them going beyond 171 requirements.  If you didn’t see our write-up, it can be found here: “Still Lagging on DFARS? The Navy Has A Memo For You”.

The Navy has now gone several steps beyond that 2018 memo and is requiring its contracting officers to implement a strict regime when it comes to their contractors’ compliance with NIST SP 800-171 and the Geurts Memo.

Continue reading at:  Sera-Brynn

Filed Under: Contracting Tips Tagged With: cybersecurity, Navy, NIST 800-171

Prepare now to secure ‘controlled unclassified information’

August 29, 2019 By Andrew Smith

Nowadays, many people are familiar with at least some types of protected information, whether in the form of personal health information or government-classified information. But, contractors working with the Department of Defense (“DoD”) must remember to protect another type of information: controlled unclassified information (“CUI”). Failure by government contractors to put processes in place that protect CUI could result in the loss of contracting opportunities or potential False Claims Act-related litigation.  For more information about the far-reaching implications of cybersecurity requirements on government contractors, please also see Matt Feinberg’s blog on the recent settlement of a cybersecurity False Claims Act (“FCA”) litigation; Isaias “Cy” Alba’s piece about cybersecurity, implied certifications, and the FCA; and Dave Shafer’s analysis of current cybersecurity standards and the DoD’s plans to remedy confusion.

Continue reading at:  Piliero Mazza

Filed Under: Contracting Tips Tagged With: cybersecurity, DoD, NIST 800-171, NIST SP 800-171

Cybersecurity – The Times (and Standards) They Are A Changin’ – FAST!

July 30, 2019 By Andrew Smith

As we reported last month, the Department of Defense (DoD) has been engaging in an unusual rollout of its new cybersecurity certification program by way of  road tours—led by Katie Arrington, the Special Assistant to the Assistant Secretary of Defense for Acquisition and Sustainment for Cyber—that address the tiered, five-level Cybersecurity Maturity Model Certification (CMMC).  At bottom, DoD intends for the CMMC to help streamline the acquisition process by providing acquiring agencies and consenting contractors with more exacting cybersecurity requirements for future acquisitions.  What’s unique about the CMMC rollout is the lack of written guidance on the program.  DoD representatives have orally provided a majority of publicly available information about CMMC only during various webinars and defense-industry events held over the past couple of months.  Indeed, a quick Google search for “CMMC” indicates that, at this time, hard facts about the program appear to be limited to FAQs on a DoD website.

That word of mouth rollout continued during a July 9 presentation at the National Defense Industrial Agency Procurement Division Meeting in Washington, D.C.  During this presentation, Ms. Arrington both reconfirmed some previously discussed details about the CMMC program and provided additional insight into program components that will be of interest to contractors doing business with DoD when the program comes to fruition.

Continue reading at:  McCarter & English

Filed Under: Contracting News Tagged With: CMMC, cybersecurity, DFARS 252.204-7012, NIST 800-171, NIST SP 800-171

Will defense contractors be ready for CMMC?

July 17, 2019 By Andrew Smith

Defense contractors will face big changes and tight timelines over the next year as the Department of Defense rolls out its new Cybersecurity Maturity Model Certification framework, experts say.

The framework, which aims to certify a company’s compliance with federal cybersecurity regulations around controlled unclassified information (CUI), was announced by DOD officials in June.  It will be used to evaluate and rate contractors’ ability to protect sensitive data on a 1-5 scale starting next year.

The initial version of the framework is scheduled to go public in January 2020.  By June 2020, its requirements will start appearing in requests for information, and will become a regular feature of defense procurement by September 2020.  That means defense contractors will have less than eight months to implement changes for compliance with the Defense Federal Acquisition Regulation Supplement and National Institute of Standards and Technology guidance on protecting CUI.

Continue reading at:  FCW

Filed Under: Contracting Tips Tagged With: CMMC, Cyber Security, cybersecurity, NIST 800-171, NIST SP 800-171

DOD’s proposed cybersecurity maturity model certification requirements: what we know and how to prepare

July 11, 2019 By Andrew Smith

The final DFARS cybersecurity rule promulgated in 2016, which included the latest changes to the DFARS clause at 252.204-7012, was a significant development for DoD contractors, in part because it mandates compliance with the 110 security controls in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171.  DoD has been working with the contracting community since that time with respect to the implementation of the final rule, but has concluded that further compliance steps are needed in the form of cybersecurity certification standards.

The anticipated new cybersecurity certification standards for DoD contractors are quickly taking shape.  Katie Arrington, former South Carolina legislator and current special assistant for Cybersecurity to Assistant Secretary of Defense for Acquisition, recently announced that DoD is partnering with the Carnegie Mellon University Software Engineering Institute and the Johns Hopkins University Applied Physics Laboratory in developing the new certification standard: the Cybersecurity Maturity Model Certification or “CMMC.”  This Alert outlines what has been revealed thus far about the CMMC, how the CMMC will affect DoD contractors, and steps you can take to be ready when the CMMC goes live.

Continue reading at:  Miles & Stockbridge

Filed Under: Contracting Tips Tagged With: CMMC, cybersecurity, DoD, NIST 800-171, NIST SP 800-171

7 steps for getting right with NIST 800-171

July 10, 2019 By Andrew Smith

The deadline for defense contractors and subcontractors to implement the information security requirements listed in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 has come and gone.  There are more than 100 information security requirements in NIST 800-171, and it is a good bet that many smaller companies without ample IT resources fall into the category of: “We missed the deadline… what now?”

If you want to continue working with the Department of Defense, the simple answer is you will have to be 800-171 compliant.  This includes secure file sharing and information exchange governance, namely how you store, access, exchange and govern sensitive (but unclassified) information with the agency.  And while the December 31, 2017, deadline was directed at DOD’s industry partners, NIST 800-171 applies to all non-federal organizations that work with U.S. government systems and data.  So the suggestions below are in no way limited to defense contractors!

Continue reading at:  Federal Computer Week

Filed Under: Contracting Tips Tagged With: cybersecurity, DoD, NIST, NIST 800-171, NIST SP 800-171

The importance of compliance with DFARS cybersecurity regulations

July 4, 2019 By Andrew Smith

Clicking the “COMPLY” check box on the list of government requirement flow-downs may seem like a necessary evil of being a supplier to the defense market, but some regulations around information and cybersecurity provide the critical foundations of a trusted computing supply chain.

Cyber and information warfare are the hottest and possibly most contested battlefields in the race for military dominance. Case in point, the U.S. Navy recently changed the name of Space and Naval Warfare Systems Command (SPAWAR) to the Naval Information Warfare Systems Command (NAVWAR), in recognition of how important information warfare is to defense strategy.

Similarly, earlier this year, the U.S. Army announced the evolution of its Cyber Command into the Information Warfare Command, and the U.S. Air Force announced the merger of the 24th Air Force (Air Forces Cyber) and the 25th Air Force to create a new information warfare-focused command.

By all indicators, information currently sits near the top of the food chain of assets requiring protection.  To that end, the U.S. Department of Defense (DOD) upped the ante on regulations around what types of information need protection and how much suppliers must protect that information.

Continue reading here:  Military and Aerospace Electronics

Filed Under: Contracting Tips Tagged With: cybersecurity, DFARS, DoD, NIST 800-171, NIST SP 800-171

NIST updates SP 800-171 to help defend sensitive information from cyberattack

June 27, 2019 By Andrew Smith

An update to one of the National Institute of Standards and Technology’s (NIST) information security documents offers strategies to help protect sensitive information that is stored in computers supporting critical government programs and high value assets. 

The document, entitled Draft NIST Special Publication (SP) 800-171 Revision 2: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, now has a new draft companion publication, NIST SP 800-171B, that offers additional recommendations for handling Controlled Unclassified Information (CUI) in situations where that information runs a higher than usual risk of exposure.  CUI includes a wide variety of information types, from individuals’ names or Social Security numbers to critical defense information. 

When CUI is part of a critical program or a high value asset — such as a weapons system — it can become a significant target for high-end, sophisticated adversaries.  In recent years, these programs and assets have been subjected to an ongoing barrage of serious cyberattacks, prompting the Department of Defense to request additional guidance from NIST. 

 “We need to provide safeguards and countermeasures that can stand up to these attacks,” said NIST’s Ron Ross, one of the publication’s authors.  “We are requesting comments on this initial public draft, which we hope will help organizations protect CUI against our most advanced and persistent adversaries.” 

NIST is accepting comments on both SP 800-171 Rev. 2, which received minor editorial updates, and SP 800-171B until July 19, 2019.  In the future, NIST plans to issue  final versions of both publications.  In addition, a previously available companion document, NIST SP 800-171A, will be updated with new assessment procedures for the enhanced security requirements. 

Continue reading at:  NIST website

Filed Under: Contracting News Tagged With: cybersecurity, NIST 800-171, NIST SP 800-171

DoD unveils proposed cybersecurity capability model certification standards

June 27, 2019 By Andrew Smith

Cybersecurity.  It’s never over, is it?  In what can only be described as a “soft” release, the Department of Defense (DoD) has slowly and quietly begun to reveal its intent to provide federal contractors with a formal cybersecurity certification as early as next year.  The program, known as the Cybersecurity Capability Model Certification (CCMC), is an effort to streamline the acquisition process by providing acquiring agencies and consenting contractors with more exacting cybersecurity requirements for forthcoming acquisitions.

Moreover, as announced clearly and repeatedly by the Special Assistant to the Assistant Secretary of Defense for Acquisition and Sustainment for Cyber, Katie Arrington, during events on May 23, 2019, and June 12, 2019, certain cybersecurity costs will be allowable under certain circumstances.  This means that not only is DoD again in the process of facilitating the acquisition of cybersecurity capabilities throughout its entire supply chain, but now the DoD recognizes that it should actually pay for what it requires of contractors.

Continue reading at:  McCarter and English

Filed Under: Contracting News Tagged With: CMMC, cybersecurity, DoD, NIST 800-171


Copyright © 2021 · Georgia Tech - Enterprise Innovation Institute