The Cybersecurity and Infrastructure Security Agency (CISA) is keeping a close eye on the progress of the Defense Department’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program to improve the security of the defense industrial base (DIB) as CISA considers possible moves in the same direction on the civilian side of the Federal government. […]

The Department of Defense’s (DoD) Cybersecurity Maturation Model Certification (CMMC) program is in the process of being rolled out to every contract in the Defense Industrial Base (DIB) over the next five years, and the program is expected to help organizations implement Zero Trust practices, Katie Arrington, the Pentagon’s CISO for acquisition and sustainment, said May 5. […]

Three Defense Federal Acquisition Regulation Supplements (DFARS) related to the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) are set to become permanent rules shortly, Katie Arrington, the Pentagon’s CISO for acquisition and sustainment, said April 15. […]

The Accreditation Body (CMMC-AB) for the Department of Defense’s (DOD) Cybersecurity Maturity Model Certification (CMMC) program is creating an Industry Advisory Council (IAC) to provide feedback on the CMMC implementation to the DoD and CMMC-AB, the CMMC-AB announced this week. […]

Cybersecurity experts stressed this week that Federal agencies must keep stay focused on future threats and on moving toward adoption of zero trust security concepts, although they acknowledged that the latter tasks is “easier said than done.” […]

The Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program is under internal review at the Pentagon with an eye toward “potential improvements” to implementation of the program, a DoD spokesperson confirmed to MeriTalk. […]

The Accreditation Body (AB) in charge of the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program appointed Matthew Travis to serve as the body’s first CEO to oversee day-to-day operations and management. […]

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released new guidance on selecting a Protective Domain Name System (PDNS) provider. […]

Officials from the Defense Department (DoD) and the Cybersecurity and Infrastructure Security Agency (CISA) said today that creating more effective defenses against sophisticated cyberattacks of the type used in the SolarWinds Orion hack may require further adoption of zero trust security concepts. […]

Keith Nakasone, a senior acquisition official at the General Services Administration (GSA), said this week that his agency has held what he called “very early” talks with other Federal agencies aimed at spreading the use of the Cybersecurity Maturity Model Certification (CMMC) security standard through more of the Federal government. […]

By Fiscal Year 2026, every contractor seeking to do business with the Department of Defense (DoD) will be required to have at least a Level 1 Cybersecurity Maturity Model Certification (CMMC), Katie Arrington, the Pentagon’s CISO for acquisition and sustainment, said Feb. 3. […]

While the Department of Defense (DoD) is still adjudicating comments on its latest Cyber Maturity Model Certification (CMMC) guidelines, Katie Arrington, CISO for the department of Acquisition at DoD, said the department would be ready to release its first Request for Proposal (RFP) by mid-March. […]

The first steps of the Department of Defense’s (DoD’s) stronger approach to securing the defense industrial base take effect today, setting the stage for full implementation of the Cybersecurity Maturity Model Certification (CMMC) program, said Katie Arrington, the Defense Department’s (DoD) CISO for Acquisition and Sustainment. […]

The Defense Department’s (DoD) current interim rule for the Cybersecurity Maturity Model Certification (CMMC) will take full effect on December 1, said Katie Arrington, CISO for DoD’s acquisition office, at an October 28 virtual event organized by C4ISRNET. […]

Even before its official launch, the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program is generating additional interest in its applicability for non-defense sectors, panelists said at the CISQ Cyber Resilience Summit. […]

With the Federal government placing more and more emphasis on supply chain security, harmonizing various efforts to reduce confusion is an important step towards better regulation, said Grant Schneider, former Federal CISO, and now senior director of cybersecurity services at Venable. […]

One of the Licensed Partner Publishers selected last week to provide training materials for the Cybersecurity Maturity Model Certification Accreditation Body told MeriTalk this week he expects that some of the training materials will be publicly released beginning next month. […]

Another piece of the Cybersecurity Maturity Model Certification puzzle has fallen into place with the Accreditation Body announcing 11 companies as Licensed Partner Publishers who will develop curricula for the Department of Defense’s new cybersecurity standard for its supply chain companies. […]

The vice chair of the board of directors of the CMMC-AB said that 25 assessors have been provisionally trained, and estimated that certified assessors for the open market will be released in the first quarter of calendar year 2021. […]

The Information Technology Industry Council this week released its guide for cybersecurity certification, which includes a warning against a “one-size-fits-all solution” in certification. […]

The Cybersecurity Maturity Model Certification Accreditation Body announced the addition of two new members to its Board of Directors on Sept. 2, a move which comes just months after the board’s establishment in January. Sheryl Hanchar and Charlie Williams, Jr. were added to the board to serve terms beginning immediately, a CMMC-AB news release said. […]

Ellen Lord, the Defense Department’s (DoD) undersecretary of Defense for Acquisition and Sustainment, provided updates on August 13 on pathfinder projects and database construction for DoD’s Cybersecurity Maturity Model Certification (CMMC) program that aims to strengthen cybersecurity throughout the U.S. defense industrial base (DIB). […]

A confluence of trends – including ever-mounting cyber attacks, expanding network attack surfaces stemming from increased teleworking during the coronavirus pandemic, and an enduring shortage of skilled cybersecurity workforce talent – is creating demand for more autonomous cybersecurity technologies. […]

The Department of Defense (DoD) announced that the department reached an agreement with the Cybersecurity Maturity Model Certification Accreditation Board (CMMC-AB) yesterday, several months after the agreement, and added that the department is working to ensure the new standard is applied equally across the Defense Industrial Base. […]

Katie Arrington, Cybersecurity Maturity Model Certification (CMMC) lead and CISO for acquisition at the Department of Defense’s (DoD) Undersecretary of Defense, confirmed that the CMMC and FedRAMP (Federal Risk and Authorization Management Program) offices are working on a way to grant reciprocity between the two certifications. […]

Cybersecurity Maturity Model Certification (CMMC) Accreditation Body (AB) Chair Ty Schieber and Department of Defense (DoD) Under Secretary of Defense for Acquisition and Sustainment Katie Arrington shared new insights on what CMMC-AB looks like and how companies can expect to interact with it. […]

As agencies across the Federal government adjust operations to accommodate COVID-19 coronavirus disruptions, the Department of Defense’s (DoD) CISO for Acquisition Katie Arrington assured stakeholders today that the pandemic is not disrupting the Cybersecurity Maturity Model Certification (CMMC) program. […]

Katie Arrington, the Department of Defense’s (DoD) CISO for acquisition and a prime mover for the recently released Cybersecurity Maturity Model Certification (CMMC) program, this week emphasized the vital importance of defense contractors making the switch away from Chinese-built communications equipment.   […]

The Department of Defense (DoD) released the final version of its Cybersecurity Maturity Model Certification (CMMC) in January 2020, but without certification processes in place, third-party entities are offering fraudulent CMMCs to contractors interested in working with the department. […]

The Department of Defense released a draft version of its Cybersecurity Maturity Model Certification (CMMC), dated August 30, offering a glimpse into how the department plans to apply cybersecurity requirements to its contractors in the near future. […]