My Profile   |   Contact Us   |   Sign In   |   Register
WIPP In Action
Blog Home All Blogs
Search all posts for:   


View all (82) posts »

Cybersecurity Certification Keeps Chugging Along

Posted By Elizabeth Sullivan, WIPP Advocacy Team, Wednesday, September 9, 2020
The last time I wrote about Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) was back in early March when the DoD released their final version to industry. The pandemic hit shortly after and turned things upside down – except for the rollout of CMMC, which has continued to move forward. 
Elizabeth Sullivan
So, where does everything stand now?

A major step has been taken in moving this process along – training started at the end of August for certification assessors. These 73 assessors, however, are part of a “provisional program” and won’t actually be assigning the companies they evaluate a final CMMC level. Think of these initial assessments as more of a dry run, with the goal of providing feedback to the DoD and CMMC Accreditation Body (CMMC-AB) on any issues that need to be resolved before the real evaluations begin. As a reminder, the body providing the training – the CMMC-AB – is separate from the DoD. The AB is currently operating with a volunteer board and will eventually be a fully staffed organization. 

This step comes in the wake of a rift between the DoD and the CMMC-AB over a new contract that would supersede their existing Memoranda of Understanding (MOU). The tension between the two organizations over the new agreement is centered around responsibilities, which some AB board members felt was undermining their authority. The DoD has said this agreement is a new no-cost contract would provide a more binding relationship between the CMMC-AB and the Department. While this was slated to be resolved by the end of August, stay tuned for the final result.

In the meantime, CMMC requirements showed up in the General Services Administration’s (GSA) $50 billion 8(a) STARS III contract, where GSA indicated that it “reserves the right” to require certifications for small businesses awarded slots on the federal IT vehicle. Although CMMC is only a future requirement for the approximately 300,000 DoD contractors, it has been predicted that adoption of the certification could spill over into civilian acquisitions. The move by GSA is a prime example of this, but is also not very surprising – DoD was one of the biggest buyers on the predecessor contract, STARS II. 

So, where does this leave small business contractors? With a lot of remaining questions. Below are a few that come to mind: 
  • As companies try to prepare for this assessment, who is credible to help them identify gaps to reach a readiness level? There has been a myriad of bad actors popping up, claiming they can guarantee a certain CMMC level with their analysis (which they can’t). 
  • Once the CMMC-AB accredits assessors and their certified third-party assessment organizations (C3PAOs), companies can start to get assessed. What is the actual cost for companies get this assessment? Will all of the accreditors charge the same amount?
  • Once assessors are ready, what is the order in which the 300,000+ businesses will be assessed? Is there a cue? Will it be based on existing contracts? Are small businesses going to pushed to the bottom of the list?  

According to DoD, all contractors will have to be certified by 2025. Advocacy remains crucial on this issue, and WIPP’s Virtual Symposium on Cyber Resiliency from September 31 to October 1 is focusing on these important policy changes for WOSB contractors. Register by September 17 to take advantage of Early Bird pricing and to be eligible for MatchMaker Meetings with almost 20 government agency partners. 



Tags:  cybersecurity  federal contracting  WIPP Works In Washington 

Share |
Permalink | Comments (0)
more Calendar

FountainHead: Diversity, Equity and Inclusion Panel Event (VIRTUAL)

9/29/2020 » 10/1/2020
WIPP Virtual Symposium on Cyber Resiliency

WIPP Advocacy Update - October 2020

WIPP Intersectionality Series

WIPP Community Connections - October 2020

Featured Members
Tina PattersonPrincipal, Jade Solutions, Germantown, MD — August 2020 Member Spotlight
Jeanette Prenger (Hernandez)President & CEO, ECCO Select, North Kansas City, MO — September 2020 Member Spotlight

Privacy Policy / Disclaimer    |    © WIPP  |    888-488-WIPP

Association Management Software Powered by YourMembership  ::  Legal