Pentagon Issues Draft Cybersecurity Certification Framework

Jeff Brody

The Department of Defense has issued a draft version of the Cybersecurity Maturity Model Certification, which sets cyber standards and practices meant to help the defense industrial base reduce exfiltration of controlled unclassified information.

A notice from DoD’s office of the defense undersecretary for acquisition and sustainment says the draft CMMC version 0.4 has five levels ranging from basic cyber hygiene to highly advanced practices. Each level has specific practices and activities that need to be carried out by stakeholders to achieve a capability.

The CMMC model consists of 18 domains, including access control, asset management, configuration management, cybersecurity governance, incident response, personnel security, recovery, risk assessment and situational awareness.

“CMMC levels 4 and 5 are targeted toward a small subset of the DIB sector that supports DoD critical programs and technologies,” according to an overview of the draft CMMC model.

The Pentagon will accept feedback on the CMMC framework through Sept. 25 with plans to release the model's draft version 0.6 for public review in November.

The department plans to release the final framework in January. It also expects the model to be included in requests for information starting in June 2020 and requests for proposals beginning in the fall of next year.

DoD has begun work on CMMC in March in partnership with several organizations including the Johns Hopkins University Applied Physics Laboratory, Defense Industrial Base Sector Coordinating Council, Carnegie Mellon University Software Engineering Institute and the Office of Small Business Programs. Industry associations such as the Professional Services Council, Aerospace Industries Association and the National Defense Industrial Association also supported the effort.

Check Also

fuel supply

DLA Selects 10 Awardees for Fuel Supply IDIQs 

Ten companies have each received indefinite-delivery/indefinite-quantity contracts to provide various fuel types to support designated Defense Logistics Agency missions.

BAE Systems

BAE Closes Purchase of Collins Aerospace’s Military GPS Business

BAE Systems has finalized its acquisition of the military GPS business of Raytheon Technologies’ (NYSE: RTX) Collins Aerospace subsidiary. BAE agreed to buy the military GPS business for $1.925B in cash in January and expects the transaction to expand its existing portfolio of electronics systems, the company said Friday.