Pentagon Issues Draft Cybersecurity Certification Framework

Jeff Brody

The Department of Defense has issued a draft version of the Cybersecurity Maturity Model Certification, which sets cyber standards and practices meant to help the defense industrial base reduce exfiltration of controlled unclassified information.

A notice from DoD’s office of the defense undersecretary for acquisition and sustainment says the draft CMMC version 0.4 has five levels ranging from basic cyber hygiene to highly advanced practices. Each level has specific practices and activities that need to be carried out by stakeholders to achieve a capability.

The CMMC model consists of 18 domains, including access control, asset management, configuration management, cybersecurity governance, incident response, personnel security, recovery, risk assessment and situational awareness.

“CMMC levels 4 and 5 are targeted toward a small subset of the DIB sector that supports DoD critical programs and technologies,” according to an overview of the draft CMMC model.

The Pentagon will accept feedback on the CMMC framework through Sept. 25 with plans to release the model's draft version 0.6 for public review in November.

The department plans to release the final framework in January. It also expects the model to be included in requests for information starting in June 2020 and requests for proposals beginning in the fall of next year.

DoD has begun work on CMMC in March in partnership with several organizations including the Johns Hopkins University Applied Physics Laboratory, Defense Industrial Base Sector Coordinating Council, Carnegie Mellon University Software Engineering Institute and the Office of Small Business Programs. Industry associations such as the Professional Services Council, Aerospace Industries Association and the National Defense Industrial Association also supported the effort.

You may also be interested in...

John Mengucci President and CEO CACI International

CACI Gets $87M DHS Data Analysis Task Order; John Mengucci Quoted

The Department of Homeland Security has awarded CACI International (NYSE: CACI) a five-year $86.5M task order to help DHS' investigative unit analyze data in efforts to combat fraud, crime, risk and terrorism.

DISA

DISA Pushes Back Defense Enclave Services RFP Release

The Defense Information Services Agency has pushed back the planned release of the final solicitation for the Defense Enclave Services information technology contract from late September to mid-late first quarter of fiscal year 2021.