US DoD with a new foundation for acquisition that cannot be traded along with cost, schedule, or performance – CMMC is coming! Read our last report from AUSA 2019 from the 7th Annual Cyber Resilience Summit, hosted by CISQ at the Army-Navy Country Club in Arlington.
Bob Kolasky, Assistant Director of the National Risk Management Center, Cybersecurity and Infrastructure Security Agency (CISA), U.S. Department of Homeland Security, welcomed all participants and created an interesting and constructive atmosphere for the topics of the day. It was evident early on that the Cybersecurity Maturity Model Certification (CMMC) would be a hot topic for the day.
What are the critical success factors for reducing risks?
The day continued with topics such as the Scaled Agile Framework (SAFe), critical success factors for reducing risk in development, reducing IT risk with suppliers by reducing architectural and technical debt, and a Regulators Roundtable with participants including Dr. Bill Curtis, Executive Director of CISQ, and Dr. Seth Carmody, Cybersecurity Program Manager at the FDA. All were fruitful and challenging discussions aimed at ensuring that cybersecurity is prioritized accordingly.
An inspirational keynote speech
The keynote address for this event, on the Cybersecurity Maturity Model Certification (CMMC), was given by Katie Arrington, Special Assistant for Cybersecurity in the Office of the Under Secretary of Defense for Acquisition and Sustainment.
I would like to point out that of all the presentations I have had the honor of attending in my life, this was by far one of the most interesting and enjoyable. The sheer energy and enthusiasm of Katie Arrington is alone something special to experience. That, combined with her thoughtful arguments, business approach, and talent for understanding skepticism and using this to convince others of her strategy, is something I thoroughly enjoyed.
How will the US DoD secure the Supply Chain?
To secure the Department of Defense (DoD) Supply Chain, the DoD is creating the Cybersecurity Maturity Model Certification program. The CMMC shall be established as the foundation for acquisition and as something that cannot be traded along with cost, schedule, or performance. The CMMC combines the various cybersecurity standards into a unified standard that will serve as a requirement to do business with the Department.
The CMMC applies to all of the 300,000 organizations that make up the DoD Supply Chain. To ensure scalability, the DoD, in partnership with the Defense Contract Management Agency and the Defense Counterintelligence Security Agency, will incorporate tools to conduct audits, collect metrics, and inform risk mitigation. Additionally, the Department will outsource assessments to independent third-party organizations.
Katie Arrington explained the current status of cybersecurity in the DoD supply chain and pointed out that there are several areas where we need to improve our security. The model beneath gives an overall indication of what the current status is and where the vast majority is situated. This tells us that we must immediately and forcefully start implementing procedures to secure our supply chain.